← Back to Skills Marketplace
huaweiclouddev

huawei-cloud-flexus-l-server-hermes-deployment

by huaweicloud-skills-team · GitHub ↗ · v0.0.3 · MIT-0
cross-platform ⚠ suspicious
22
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install huawei-cloud-flexus-l-server-hermes-deployment
Description
One-click deployment tool for Hermes on Huawei Cloud Flexus L instances. Supports one-click deployment, ModelArts large model configuration, and robot channe...
README (SKILL.md)

⚠️ Security Execution Rules (Highest Priority):

  1. All scripts MUST be executed via skill action=exec, NEVER run directly in shell
  2. NEVER print script contents or commands containing AK/SK/Token in conversation
  3. NEVER create temporary script files, prefer inline execution (python -c)
  4. On execution failure, only return error info, do NOT rewrite scripts or print full commands
  5. AK/SK/Token MUST be passed via environment variables, NEVER appear in conversation
  6. ABSOLUTELY NEVER expose, log, or print AK/SK/Token values in any form - this is a critical security requirement
  7. When using skill action=exec, credentials are automatically inherited from environment variables (HW_ACCESS_KEY, HW_SECRET_KEY, HW_SECURITY_TOKEN), no need to pass them as command line arguments

Hermes One-Click Deployment Skill

Overview

This skill supports one-click deployment of the Hermes AI Agent platform to Huawei Cloud Flexus L instances. It provides a complete workflow including:

  • Automated instance creation with optimized configurations
  • ModelArts large model configuration via COC (Cloud Operations Center)
  • Robot channel configuration (Feishu, WeCom, DingTalk, etc.) via COC
  • Gateway management for deployed instances

This skill supports both interactive mode (step-by-step prompts) and non-interactive mode (scripted operations), suitable for manual and automated deployment scenarios.

Prerequisites

Account Requirements

  • Valid Huawei Cloud account with sufficient permissions
  • Huawei Cloud credentials: Long-term AK/SK OR Temporary AK/SK + security_token
  • Required permissions:
    • Creating Flexus L instances
    • Accessing COC (Cloud Operations Center) services

Credential Acquisition Methods:

This skill supports both long-term and temporary Huawei Cloud credentials:

  1. Long-term AK/SK: No security_token required
  2. Temporary AK/SK: Security token required

Environment Variables (optional):

  • HW_ACCESS_KEY: Access Key AK (long-term or temporary)
  • HW_SECRET_KEY: Secret Key SK (long-term or temporary)
  • HW_SECURITY_TOKEN: Security token for temporary credentials (only required for temporary AK/SK)

Architecture Diagram

This skill is built on multiple Huawei Cloud services, involving the following cloud services and components:

User/Agent      ──────▶│   Flexus L Instance   │──────▶│   Hermes App         │──────▶│ Model Config     │ ──────▶│  Channel Config     │ 
(Skill caller)           (Target Host)                 (AI Agent Platform)             (ModelArts API)           (Feishu/Wecom)

Component Description:

  • User/Agent: Skill caller that triggers Hermes deployment operations via natural language or API
  • Flexus L Instance: Huawei Cloud Elastic Cloud Server, serving as the target host for Hermes deployment
  • Hermes App: AI Agent platform running on the Flexus L instance
  • Model Config: ModelArts large model configuration (API_BASE, API_KEY, MODEL_NAME)
  • Channel Config: Robot channel configuration (Feishu, WeCom)

Core Commands

Deployment Commands

# Deploy using long-term AK/SK
python scripts/caller.py deploy --ak \x3CAK> --sk \x3CSK> --name hermes-{timestamp} --region cn-north-4

# Deploy using temporary AK/SK (requires security-token)
python scripts/caller.py deploy --ak \x3Ctemp_ak> --sk \x3Ctemp_sk> --security-token \x3Csecurity_token> --name hermes-{timestamp} --region cn-north-4

# Deploy in interactive mode (if not specified, auto-generates timestamp format: hermes-20260605143022)
python scripts/caller.py deploy

Instance Name Description:

  • Can customize instance name via --name parameter (e.g., hermes-prod-01, hermes-dev, etc.)
  • If name is not specified, auto-generates timestamp format: hermes-YYYYMMDDHHMMSS (e.g., hermes-20260605143022)

Model Configuration Commands

# Configure model using long-term AK/SK
python scripts/caller.py maas --ak \x3CAK> --sk \x3CSK> --resource-id \x3Cinstance_id> --region-id cn-north-4 --api-key \x3Capi_key> --model-name deepseek-v3.2

# Configure model using temporary AK/SK
python scripts/caller.py maas --ak \x3Ctemp_ak> --sk \x3Ctemp_sk> --security-token \x3Csecurity_token> --resource-id \x3Cinstance_id> --region-id cn-north-4 --api-key \x3Capi_key> --model-name deepseek-v3.2

# Configure model in interactive mode
python scripts/caller.py maas

Channel Configuration Commands

# Configure Feishu channel using long-term AK/SK
python scripts/caller.py channel --ak \x3CAK> --sk \x3CSK> --resource-id \x3Cinstance_id> --region-id cn-north-4 --bot-platform feishu --feishu-app-id \x3Capp_id> --feishu-app-secret \x3Capp_secret>

# Configure Feishu channel using temporary AK/SK
python scripts/caller.py channel --ak \x3Ctemp_ak> --sk \x3Ctemp_sk> --security-token \x3Csecurity_token> --resource-id \x3Cinstance_id> --region-id cn-north-4 --bot-platform feishu --feishu-app-id \x3Capp_id> --feishu-app-secret \x3Capp_secret>

# Configure WeCom channel using long-term AK/SK
python scripts/caller.py channel --ak \x3CAK> --sk \x3CSK> --resource-id \x3Cinstance_id> --region-id cn-north-4 --bot-platform wecom --wecom-bot-id \x3Cbot_id> --wecom-secret \x3Csecret>

# Configure WeCom channel using temporary AK/SK
python scripts/caller.py channel --ak \x3Ctemp_ak> --sk \x3Ctemp_sk> --security-token \x3Csecurity_token> --resource-id \x3Cinstance_id> --region-id cn-north-4 --bot-platform wecom --wecom-bot-id \x3Cbot_id> --wecom-secret \x3Csecret>

# Configure channel in interactive mode
python scripts/caller.py channel

Gateway Management Commands

# Restart gateway using long-term AK/SK
python scripts/caller.py gateway --ak \x3CAK> --sk \x3CSK> --resource-id \x3Cinstance_id> --region-id cn-north-4

# Restart gateway using temporary AK/SK
python scripts/caller.py gateway --ak \x3Ctemp_ak> --sk \x3Ctemp_sk> --security-token \x3Csecurity_token> --resource-id \x3Cinstance_id> --region-id cn-north-4

# Restart gateway in interactive mode
python scripts/caller.py gateway

Query Execution Result Commands

# Query execution result using long-term AK/SK
python scripts/caller.py query --ak \x3CAK> --sk \x3CSK> --execute-uuid SCT2023083109562601af694bf

# Query execution result using temporary AK/SK
python scripts/caller.py query --ak \x3Ctemp_ak> --sk \x3Ctemp_sk> --security-token \x3Csecurity_token> --execute-uuid SCT2023083109562601af694bf

Parameters:

  • --execute-uuid: Script execution UUID, format like SCTxxxxxxxxxxxxxxxbf

Status Description:

  • FINISHED: Execution successful
  • ABNORMAL: Execution failed
  • RUNNING: Executing

UniAgent Status Query Commands

# Query UniAgent status using long-term AK/SK
python scripts/caller.py uniagent --ak \x3CAK> --sk \x3CSK> --resource-id \x3Cinstance_id>

# Query UniAgent status using temporary AK/SK
python scripts/caller.py uniagent --ak \x3Ctemp_ak> --sk \x3Ctemp_sk> --security-token \x3Csecurity_token> --resource-id \x3Cinstance_id>

# Query UniAgent status in interactive mode
python scripts/caller.py uniagent

UniAgent Status Description:

  • ONLINE: UniAgent is running normally, can execute COC scripts
  • OFFLINE: UniAgent is not running, cannot execute COC scripts
  • UNKNOWN: Status cannot be determined

When to Use:

  • Before configuring models or channels, ensure UniAgent is ONLINE
  • Troubleshoot COC script execution failures
  • Verify instance operational status after deployment
  • After the instance creation command is successfully issued (with status codes "200", "201", or "202"), automatically check whether the preconditions are met (status of the gateway and UniAgent). If they are met, you can immediately proceed to the next steps!

Parameter Reference

Global Parameters

Parameter Description Required Default Value
--ak Huawei Cloud Access Key AK (supports both long-term and temporary) No Prompted
--sk Huawei Cloud Access Key SK (supports both long-term and temporary) No Prompted
--security-token Security token for temporary credentials (optional, only required for temporary AK/SK) No Prompted
--non-interactive Run in non-interactive mode No false

Deploy Command Parameters

Parameter Description Required Default Value
--name Instance name No Auto-generated
--region Target region No cn-north-4

MaaS Command Parameters

Parameter Description Required Default Value
--resource-id L instance resource ID Yes -
--region-id COC service region No cn-north-4
--api-key ModelArts API Key Yes -
--model-name Model name Yes -
--api-base-url API base URL No https://api.modelarts-maas.com/v2
--timeout Execution timeout (seconds) No 600
--execute-user Execution user No root

Channel Command Parameters

Parameter Description Required Default Value
--resource-id L instance resource ID Yes -
--region-id COC service region No cn-north-4
--bot-platform Bot platform: feishu or wecom Yes -
--feishu-app-id Feishu App ID Conditional -
--feishu-app-secret Feishu App Secret Conditional -
--wecom-bot-id WeCom Bot ID Conditional -
--wecom-secret WeCom Secret Conditional -
--timeout Execution timeout (seconds) No 600
--execute-user Execution user No root

Gateway Command Parameters

Parameter Description Required Default Value
--resource-id L instance resource ID Yes -
--region-id COC service region No cn-north-4
--timeout Execution timeout (seconds) No 120
--execute-user Execution user No root

UniAgent Command Parameters

Parameter Description Required Default Value
--resource-id L instance resource ID Yes -

Workflow

The skill follows these workflow steps:

  1. Deploy Hermes: Create and configure a Flexus L instance with Hermes AI Agent platform
  2. Configure Model: Set up ModelArts large model via COC (Cloud Operations Center)
  3. Configure Channel: Set up robot channels (Feishu, WeCom) via COC
  4. Manage Gateway: Restart gateway service when needed

Interactive Mode (Menu)

Run the main entry point to access the interactive menu:

python scripts/caller.py

This will display a menu for selecting operations.

Output Format

Deploy Command Output

{
  "status": "success",
  "instance_id": "abc12345-6789-0abc-def1-23456789abc0",
  "instance_name": "my-hermes",
  "region": "cn-north-4",
  "spec": "hf.small.1.linux",
  "created_at": "2024-01-15T10:30:00Z"
}

MaaS Command Output

{
  "status": "success",
  "resource_id": "abc12345-6789-0abc-def1-23456789abc0",
  "model_name": "deepseek-v3.2",
  "api_base_url": "https://api.modelarts-maas.com/v2",
  "executed_at": "2024-01-15T10:35:00Z"
}

Channel Command Output

{
  "status": "success",
  "resource_id": "abc12345-6789-0abc-def1-23456789abc0",
  "bot_platform": "feishu",
  "channel_id": "channel_123",
  "executed_at": "2024-01-15T10:40:00Z"
}

Gateway Command Output

{
  "status": "success",
  "resource_id": "abc12345-6789-0abc-def1-23456789abc0",
  "action": "restart",
  "message": "Hermes gateway restarted successfully"
}

Validation Methods

1. Deployment Validation

# Check instance status
python scripts/caller.py deploy --ak \x3Cak> --sk \x3Csk> --name my-hermes --region cn-north-4 --non-interactive
# Expected output: "Instance created successfully" with instance_id

2. Model Configuration Validation

# Check model configuration
python scripts/caller.py maas --ak \x3Cak> --sk \x3Csk> --resource-id \x3Cinstance_id> --region-id cn-north-4 --api-key \x3Ckey> --model-name deepseek-v3.2 --non-interactive
# Expected output: "Model configuration updated successfully"

3. Channel Configuration Validation

# Check channel configuration
python scripts/caller.py channel --ak \x3Cak> --sk \x3Csk> --resource-id \x3Cinstance_id> --region-id cn-north-4 --bot-platform feishu --feishu-app-id \x3Cid> --feishu-app-secret \x3Csecret> --non-interactive
# Expected output: "Channel configuration updated successfully"

4. Gateway Validation

# Check gateway restart
python scripts/caller.py gateway --ak \x3Cak> --sk \x3Csk> --resource-id \x3Cinstance_id> --region-id cn-north-4 --non-interactive
# Expected output: "Hermes gateway restarted successfully"

Best Practices

1. Credential Management

  • Temporary credentials: Use temporary AK/SK + security_token for authentication, providing higher security
    • Temporary credentials are issued by STS service with expiration time limits
    • Use --security-token parameter to pass the security token
    • Supports environment variables, command line parameters, and interactive input methods
  • Use IAM roles with minimal permissions for production environments
  • Rotate credentials regularly according to security policies

2. Region Selection

  • Choose the region closest to your users for better performance
  • Consider regional compliance requirements when deploying
  • Use cn-north-4 as default for China mainland deployments
  • Hermes deployment only supports: cn-north-4, cn-east-3, cn-south-1, cn-southwest-2

3. Instance Management

  • Monitor instance health via Huawei Cloud Console
  • Set up auto-scaling policies for high availability
  • Configure backup policies for data persistence

4. Model Configuration

  • Test models in staging environment before production
  • Have fallback models configured for failover scenarios
  • After initial deployment, the default model configuration is not usable. You must configure the model before using Hermes.

5. Channel Configuration

  • Use dedicated bot accounts for production
  • Monitor channel message throughput
  • Configure rate limits to prevent abuse
  • Currently only Feishu and WeCom bot platforms are supported. Only one bot per platform type is supported.

Notes

General Notes

  1. Instance Creation Time: It may take 5-10 minutes for the instance to be fully provisioned
  2. COC Script Execution: Model and channel configurations are executed remotely via Huawei Cloud COC (Cloud Operations Center)
  3. Security Group: Configure security group rules in Huawei Cloud Console if external access is needed
  4. Cost: Using Huawei Cloud resources will incur costs. Ensure your account has sufficient balance.
  5. Subsequent Steps: When continuing with subsequent steps (configuring models, channels), there is no need to wait for instance creation to complete. The system handles instance status automatically.

Region Notes

  • Fixed Endpoint: When creating a Hermes L Instance, requests are sent to the fixed endpoint hcss.cn-north-4.myhuaweicloud.com. The region parameter only selects instance specifications.
  • Guiyang region (cn-southwest-2) uses spec ahf.small.1.linux
  • Other regions (Beijing/Shanghai/Guangzhou) use spec hf.small.1.linux
  • Status Codes: 200, 201, and 202 all indicate success

COC Region Concepts

COC involves two different region concepts:

1. COC Service Region (--region-id): The region where COC API service is located (cn-north-4, ap-southeast-3, eu-west-101)

2. Target Instance Region: The region where the L instance is located (can be any Huawei Cloud region worldwide)

These can be different - e.g., COC service in cn-north-4 can execute scripts on instances in ap-southeast-1 (Hong Kong).

Troubleshooting

  • Credential Issues: Ensure --ak and --sk parameters are provided, or use interactive mode
  • Region Not Supported: Use supported region IDs or Chinese names in interactive mode
  • Instance Creation Failed: Verify account balance, instance type validity, and network connectivity

Reference Documents

  • scripts/caller.py - Main CLI entry point
  • scripts/deploy.py - Hermes deployment module
  • scripts/models.py - ModelArts model configuration
  • scripts/channels.py - Robot channel configuration
  • scripts/lib.py - Core business logic (instance creation, model/channel installation)
  • scripts/utils.py - Utility functions (credentials setup, input prompts)
Usage Guidance
Install only if you are comfortable giving this skill cloud credentials that can create billable Huawei Cloud resources and run COC scripts. Prefer temporary, least-privilege credentials, avoid passing secrets on the command line, review the IAM policy before use, and plan cleanup for created instances, COC scripts, and stored .env/config secrets.
Capability Tags
requires-walletrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The deployment purpose is coherent, but the artifacts create prepaid auto-pay/auto-renew Huawei Cloud instances, execute COC scripts as root, and configure ModelArts and bot secrets on remote hosts.
Instruction Scope
The SKILL.md security rules say credentials must use environment variables, but the same documentation and CLI examples repeatedly pass AK/SK, tokens, API keys, and bot secrets as command-line arguments.
Install Mechanism
Install metadata runs uv sync against Huawei Cloud's PyPI mirror and installs Huawei Cloud SDK dependencies; this is expected for the stated cloud integration and not itself suspicious.
Credentials
The requested IAM examples include Resource "*" permissions for instance create/list/get/delete and COC script create/execute/query/delete, which is broad for a one-click deployment skill.
Persistence & Privilege
The skill creates persistent cloud resources and COC scripts, embeds secrets into script bodies, and writes service secrets into config.yaml and /home/hermes/.hermes/.env without clear cleanup, retention, or file-permission guidance.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install huawei-cloud-flexus-l-server-hermes-deployment
  3. After installation, invoke the skill by name or use /huawei-cloud-flexus-l-server-hermes-deployment
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.3
No user-facing changes in this version. - Version bump to 0.0.3 without any detected file or documentation changes. - No modifications to commands, features, description, or metadata. - Functionality and documentation remain the same as the previous release.
v0.0.2
Version 0.0.2 of huawei-cloud-flexus-l-server-hermes-deployment - No file changes detected in this release. - No updates to functionality, documentation, or configuration. - Content, commands, and security rules remain unchanged from the previous version.
v0.0.1
Initial release of the Hermes one-click deployment skill for Huawei Cloud Flexus L servers. - Provides end-to-end workflow for deploying and configuring the Hermes AI Agent platform. - Supports deployment, ModelArts model configuration, and multi-platform robot channel setup via command-line or interactive modes. - Enforces strict security rules around credential management and execution. - Compatible with both long-term and temporary Huawei Cloud AK/SK credentials. - Offers commands for gateway management, execution status query, and UniAgent state monitoring.
Metadata
Slug huawei-cloud-flexus-l-server-hermes-deployment
Version 0.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is huawei-cloud-flexus-l-server-hermes-deployment?

One-click deployment tool for Hermes on Huawei Cloud Flexus L instances. Supports one-click deployment, ModelArts large model configuration, and robot channe... It is an AI Agent Skill for Claude Code / OpenClaw, with 22 downloads so far.

How do I install huawei-cloud-flexus-l-server-hermes-deployment?

Run "/install huawei-cloud-flexus-l-server-hermes-deployment" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is huawei-cloud-flexus-l-server-hermes-deployment free?

Yes, huawei-cloud-flexus-l-server-hermes-deployment is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does huawei-cloud-flexus-l-server-hermes-deployment support?

huawei-cloud-flexus-l-server-hermes-deployment is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created huawei-cloud-flexus-l-server-hermes-deployment?

It is built and maintained by huaweicloud-skills-team (@huaweiclouddev); the current version is v0.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments