The skill is genuinely about Alibaba Cloud PDS file work, but it also enables broad credentialed cloud access, risky sharing defaults, and persistent host-level mount software installation that users should review before use.
Install only if you intentionally need Alibaba Cloud PDS automation and are comfortable granting it access to the relevant drives. Use a least-privilege RAM user or short-lived token, avoid root/admin cloud credentials, do not let an agent configure plaintext keys in chat or shell history, and review generated share links before sending them. Treat mount-app installation as an admin-level action: verify the vendor source, require manual approval, and understand it can add persistent background services. Keep raw analysis JSON and signed download URLs private, especially if they are written to /tmp or shared logs.