← Back to Skills Marketplace
sdk-team

Alibabacloud Tech Solution Animation Creation Auto Deploy

by alibabacloud-skills-team · GitHub ↗ · v0.0.1 · MIT-0
cross-platform ⚠ suspicious
99
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install alibabacloud-tech-solution-animation-creation-auto-deploy
Description
Alicloud Service Scenario-Based Skill. Use for auto-deploying the "Build AI Animation Story Creation App" solution. Automatically creates OSS Bucket, deploys...
README (SKILL.md)

Build AI Animation Story Creation App — Auto Deploy

Automatically deploy the Alibaba Cloud "Build AI Animation Story Creation App" solution. Deployment stops once the application is accessible — the hands-on experience is left to the user.

Architecture: OSS Bucket + DashScope (Bailian API Key) + FC App (ComfyUI + WebUI — two functions deployed via Devs template)

Installation

Prerequisites (scripts/ runtime dependencies):

Dependency Min Version Check Command Purpose
bash 4.0+ bash --version Script runtime
aliyun CLI >= 3.3.7 aliyun version Alibaba Cloud resource operations (3.3.7+ required for ai-mode subcommand)
python3 3.6+ python3 --version JSON parsing
curl any curl --version HTTP API calls

If Aliyun CLI is not installed or version too low, see references/cli-installation-guide.md for installation instructions. Then [MUST] run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.

CLI Initialization (MUST run before Core Workflow)

Enable AI-Mode, set the dedicated User-Agent, and update plugins so all subsequent CLI calls are tagged correctly and run on the latest plugin versions:

aliyun configure ai-mode enable
aliyun configure ai-mode set-user-agent --user-agent "AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy"
aliyun plugin update

Authentication

Pre-check: Alibaba Cloud Credentials Required

Security Rules:

  • NEVER read, echo, or print AK/SK values
  • NEVER ask the user to input AK/SK directly in the conversation or command line
  • NEVER use aliyun configure set with literal credential values
  • ONLY use aliyun configure list to check credential status
aliyun configure list

Check the output for a valid profile (AK, STS, or OAuth identity).

If no valid profile exists, STOP here.

  1. Obtain credentials from Alibaba Cloud Console
  2. Configure credentials outside of this session
  3. Return and re-run after aliyun configure list shows a valid profile

RAM Policy

See references/ram-policies.md for full permission list.

Required system policies: AliyunFCFullAccess, AliyunOSSFullAccess

Additional permissions: Devs-related permissions (devs:CreateProject, devs:RenderServicesByTemplate, devs:UpdateEnvironment, devs:DeployEnvironment, devs:ListEnvironments, devs:GetEnvironment)

Before the Core Workflow, automatically check and attach required policies:

bash scripts/attach-policies.sh

[MUST] Permission Failure Handling: When any command or API call fails due to permission errors at any point during execution, follow this process:

  1. Read references/ram-policies.md to get the full list of permissions required by this SKILL
  2. Use ram-permission-diagnose skill to guide the user through requesting the necessary permissions
  3. Pause and wait until the user confirms that the required permissions have been granted

Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call, all parameters are either fixed values or auto-generated/created — no manual user input required.

Parameter Required Description Value
RegionId Yes Deployment region (FC and OSS in the same region) Fixed cn-hangzhou
BUCKET_NAME Yes OSS Bucket name Auto-generated animation-story-\x3C6 random lowercase letters>
API_KEY Yes Bailian (DashScope) API Key Auto-created via aliyun modelstudio create-api-key
PROJECT_NAME Yes Devs project name Auto-generated animation-creation-\x3C6 random lowercase letters>

Before starting the Core Workflow, set the following variables in the shell (all subsequent commands reference them directly):

# Generate random names
BUCKET_NAME="animation-story-$(cat /dev/urandom | LC_ALL=C tr -dc 'a-z' | head -c 6)"
PROJECT_NAME="animation-creation-$(cat /dev/urandom | LC_ALL=C tr -dc 'a-z' | head -c 6)"
echo "BUCKET_NAME=$BUCKET_NAME, PROJECT_NAME=$PROJECT_NAME"

Core Workflow

Step 1: Create Bailian API Key (CLI)

Automatically obtain the workspace and create an API Key via aliyun modelstudio CLI:

source scripts/create-api-key.sh

Note: Use source to ensure the API_KEY variable is exported to the current shell. The script automatically fetches the default workspace (or creates one if none exists), creates an API Key, and prints the full value.

Step 2: Enable OSS Service and Create Bucket (CLI)

Note: The OSS CLI plugin uses the --ua flag (not --user-agent) to set the User-Agent.

First enable OSS service (returns ORDER.OPEND if already enabled — can be ignored):

aliyun ossadmin open-oss-service --endpoint oss-admin.aliyuncs.com --force --user-agent AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy 2>&1 || true

Create Bucket:

aliyun oss mb "oss://$BUCKET_NAME" --region cn-hangzhou --ua AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy

Verify:

aliyun oss stat "oss://$BUCKET_NAME" --ua AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy

Step 3: Create Devs Project (CLI)

Use the CreateProject API to create a project. Specify the template name and parameters via templateConfig — Devs will automatically create a production environment.

Note: CreateProject only creates the project and an empty environment — it does NOT trigger deployment automatically. You must follow up with RenderServicesByTemplate + UpdateEnvironment + DeployEnvironment to complete deployment.

aliyun devs create-project --body "{
  \"name\": \"$PROJECT_NAME\",
  \"spec\": {
    \"templateConfig\": {
      \"templateName\": \"animation-creation\",
      \"parameters\": {
        \"region\": \"cn-hangzhou\",
        \"bailian_api_key\": \"$API_KEY\",
        \"ossBucket\": \"$BUCKET_NAME\"
      }
    }
  }
}" --user-agent AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy

Template parameter notes (confirmed — do not modify):

  • region: Fixed cn-hangzhou
  • bailian_api_key: Bailian API Key auto-created in Step 1
  • ossBucket: OSS Bucket name created in Step 2 (without oss:// prefix)
  • All parameters are passed via parameters, not variableValues

Step 4: Render Template and Configure Environment (CLI)

All commands in this step use shell variables MY_UID, PROJECT_NAME, BUCKET_NAME, API_KEY — make sure Step 1 and Parameter Confirmation have been executed.

First obtain the current user UID and check the role trust policy:

source scripts/setup-role.sh

Note: Use source to ensure the MY_UID variable is exported to the current shell. The script automatically checks whether the role exists and creates it if not. This role is the standard Devs role, typically auto-created when using the FC console's application feature for the first time.

4a. Render Template → Build JSON → Update Environment (all-in-one script)

The following script automatically: renders the template → filters out custom-domain → adds roleArn → calls UpdateEnvironment. The agent does not need to handle JSON manually.

bash scripts/render-and-update.sh

Key notes (built into the script — no manual handling needed):

  • custom-domain service is automatically filtered out (causes "Unknown service type" error)
  • roleArn is automatically added
  • Uses --body to pass data (--spec cannot correctly pass deeply nested JSON)

4b. Trigger Deployment

Built-in rate-limit protection: The script retries up to 3 times with 60-second intervals, and stops immediately on 404. Run the script directly — do not call deploy-environment manually.

bash scripts/deploy-environment.sh

Step 5: Poll Deployment Status

Deployment is asynchronous — poll until complete (typically takes 5–15 minutes). Run the following script directly:

bash scripts/poll-deploy-status.sh

Step 6: Create Custom Domain

Why is a custom domain needed? FC trigger URLs (*.fcapp.run) force a Content-Disposition: attachment response header, causing the browser to download the HTML instead of rendering it. A custom domain (*.devsapp.net) is required for the application to work properly.

Must use FC 2.0 API (aliyun fc-open) to create the helper function: FC 3.0 does not support $ in function names. The fc-open plugin will be auto-installed via the --auto-plugin-install true configuration.

Run the following complete script directly (only MY_UID and PROJECT_NAME variables need to be set):

bash scripts/create-custom-domain.sh

Step 7: Get Access URL (stop here)

The access URL is automatically printed at the end of the Step 6 script. Format:

http://${PROJECT_NAME}-web.fcv3.${MY_UID}.cn-hangzhou.fc.devsapp.net/

Stop here. Provide the access URL from Step 6 output to the user and let them experience the app on their own. Do not operate the application on behalf of the user.

⚠️ 安全提醒 — 展示访问 URL 时必须告知用户: 该 URL 可通过公网直接访问,请勿随意分享给不信任的人。未经授权的访问可能导致:

  • 云资源被消耗: 每次访问都会消耗函数计算资源和百炼 API 调用额度,可能产生额外费用。
  • 隐私信息泄露: 生成的动画故事、上传的图片等内容可能包含个人或敏感信息。

Cleanup

To clean up deployed resources, delete in the following order (requires PROJECT_NAME, MY_UID, BUCKET_NAME, API_KEY_ID variables):

# 1. Delete FC custom domain
aliyun fc delete-custom-domain --domain-name "${PROJECT_NAME}-web.fcv3.${MY_UID}.cn-hangzhou.fc.devsapp.net" --region cn-hangzhou --user-agent AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy

# 2. Delete Devs project (also deletes associated FC functions; --force true skips environment resource check)
aliyun devs delete-project --name "$PROJECT_NAME" --force true --user-agent AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy

# 3. Delete OSS Bucket (recursively delete all objects first, then delete the Bucket)
aliyun oss rm "oss://$BUCKET_NAME" -r -f --region cn-hangzhou --ua AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy
aliyun oss rm "oss://$BUCKET_NAME" -b -f --region cn-hangzhou --ua AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy

# 4. Delete Bailian API Key (API_KEY_ID is output during create-api-key.sh execution)
aliyun modelstudio delete-api-key --api-key-id "$API_KEY_ID" --user-agent AlibabaCloud-Agent-Skills/alibabacloud-tech-solution-animation-creation-auto-deploy

Workflow Teardown

After the workflow completes (or after Cleanup), disable AI-Mode:

aliyun configure ai-mode disable

Cannot-via-CLI/SDK Summary

See references/related-commands.md for full CLI command reference.

Key limitation: First-time activation of FC has no CLI/API support — users must activate it manually in the console.

Auto-activated: OSS service via aliyun ossadmin open-oss-service (built into Step 2). Bailian workspace via aliyun modelstudio create-workspace (built into Step 1).

Best Practices

  1. Region is fixed to cn-hangzhou (FC and OSS in the same region)
  2. DashScope API Key is passed via Devs template parameters — not hardcoded
  3. OSS Bucket names include a random suffix to avoid conflicts
  4. Record the access URL and created resources after deployment completes

Reference Links

Reference Description
references/ram-policies.md RAM permission policies
references/related-commands.md CLI/SDK command reference
references/verification-method.md Deployment verification steps
references/acceptance-criteria.md Acceptance criteria
references/cli-installation-guide.md CLI installation guide
Usage Guidance
This skill automates high-privilege cloud operations and contacts an external DNS service; do not run it in a production or high-privilege account without review. Before using: (1) Inspect every script (especially the base64 zip payload in create-custom-domain.sh) — decode the zip and review its index.js; (2) Run in a disposable/test Alibaba account or sandbox with least-privilege credentials (prefer STS tokens or an ECS role with scoped permissions); (3) Do not allow automatic policy attachment — manually review and attach only the minimum required permissions; (4) Be cautious about printing or logging the created API key (API_KEY) — treat it as a secret and rotate/delete it after testing; (5) Confirm you trust domain.devsapp.net (the script sends your AccountId and registers DNS there); if you prefer, perform custom-domain registration manually with your own DNS to avoid the third-party step; (6) If the skill's author or an official Alibaba Cloud source can be verified (homepage, published repo, or vendor support), that reduces risk — otherwise treat this as an untrusted automation and follow the mitigation steps above.
Capability Analysis
Type: OpenClaw Skill Name: alibabacloud-tech-solution-animation-creation-auto-deploy Version: 0.0.1 The skill bundle automates the deployment of an Alibaba Cloud solution but includes high-risk behaviors, most notably in `scripts/attach-policies.sh`, which automatically grants full administrative permissions (`AliyunOSSFullAccess`, `AliyunFCFullAccess`) to the current RAM user. Additionally, `scripts/create-custom-domain.sh` transmits the user's Account ID to an external community domain service (`https://domain.devsapp.net`) and executes a base64-encoded helper function. While these actions are documented as supporting the 'auto-deploy' functionality, the automated permission escalation and reliance on third-party infrastructure represent significant security risks.
Capability Tags
requires-walletrequires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The declared purpose (auto-deploy an Alibaba Cloud solution) aligns with the scripts and CLI calls: creating OSS buckets, Devs projects, FC functions, roles, and policies is expected. However, two things stand out: (1) the skill auto-attaches broad system policies (AliyunOSSFullAccess, AliyunFCFullAccess) to the calling RAM user which is a powerful privilege escalation step; (2) it depends on a third-party service (domain.devsapp.net) for custom-domain registration rather than using only Alibaba Cloud APIs. Both are plausible for this deployment scenario but are security-sensitive and should be explicitly consented to by the user.
Instruction Scope
The runtime instructions and scripts go beyond simple resource creation: they auto-create workspaces and API keys (and print the API key value), auto-attach system policies to RAM users, create or update IAM role trust policies, and POST account identifiers and domain-registration requests to domain.devsapp.net. The SKILL.md says 'NEVER' to echo AK/SK, but the create-api-key script echoes the created API_KEY and API_KEY_ID to stdout (which may be logged), and create-custom-domain.sh sends the account ID and function name to an external DNS service. These operations expand the attack surface (sensitive tokens printed, third-party network calls, privilege changes).
Install Mechanism
This is instruction-only (no install spec), so nothing is forcibly downloaded by a package installer. The scripts reference official aliyun CLI binaries (installation guide uses aliyuncdn official URLs). One red flag: the helper function created by scripts embeds a base64 zipFile in the create-function call (obfuscated payload). Embedding base64 in the script is explainable (helper function code packaged inline) but should be inspected before execution.
Credentials
No required env vars are declared in the registry metadata, yet the scripts require an active aliyun CLI profile or environment credentials and will modify account resources. The skill will attempt to attach broad system policies to the calling RAM user and create/update IAM roles; those are high privileges but arguably necessary for the deployment. The skill also emits (echoes) a newly-created Bailian API key to stdout, which risks leakage in logs. Contacting domain.devsapp.net sends the AccountId (MY_UID) to a third party — this is sensitive and not strictly required by Alibaba Cloud itself.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It creates cloud resources and IAM role/policies in the user's Alibaba account (expected for a deploy tool). There is no persistent agent-side installation or force-inclusion behavior.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install alibabacloud-tech-solution-animation-creation-auto-deploy
  3. After installation, invoke the skill by name or use /alibabacloud-tech-solution-animation-creation-auto-deploy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.1
Initial public release—adds automated deployment and setup for the Alibaba Cloud "AI Animation Story Creation App" solution. - Introduces a fully automated workflow: creates OSS bucket, provisions Bailian (DashScope) API key, and deploys Devs project with required permissions and parameters. - Includes scripts for policy attachment, API key creation, OSS bucket ops, Devs project creation, environment rendering, deployment, and polling deployment status. - Adds strict parameter generation and confirmation—no manual user entry is required. - Provides detailed installation and authentication instructions, including new CLI initialization steps (AI mode, User-Agent, plugin update). - Updates to require Aliyun CLI 3.3.7+ and switches all relevant commands to new APIs and conventions. - All workflow steps are documented in SKILL.md and supported by referenced scripts and acceptance criteria.
v0.0.1-beta.1
alibabacloud-tech-solution-animation-creation-auto-deploy 0.0.1-beta.1 - Initial beta release for automatic deployment of the "Build AI Animation Story Creation App" solution on Alibaba Cloud. - Automates OSS bucket creation, Bailian (DashScope) API key creation, and Devs project setup with required parameters. - Includes scripts for checking/attaching necessary RAM policies and permissions before deployment. - Workflow stops with the app accessible; the user completes the hands-on experience manually. - No manual parameter entry required—resource names and keys are auto-generated during execution.
Metadata
Slug alibabacloud-tech-solution-animation-creation-auto-deploy
Version 0.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Alibabacloud Tech Solution Animation Creation Auto Deploy?

Alicloud Service Scenario-Based Skill. Use for auto-deploying the "Build AI Animation Story Creation App" solution. Automatically creates OSS Bucket, deploys... It is an AI Agent Skill for Claude Code / OpenClaw, with 99 downloads so far.

How do I install Alibabacloud Tech Solution Animation Creation Auto Deploy?

Run "/install alibabacloud-tech-solution-animation-creation-auto-deploy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Alibabacloud Tech Solution Animation Creation Auto Deploy free?

Yes, Alibabacloud Tech Solution Animation Creation Auto Deploy is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Alibabacloud Tech Solution Animation Creation Auto Deploy support?

Alibabacloud Tech Solution Animation Creation Auto Deploy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Alibabacloud Tech Solution Animation Creation Auto Deploy?

It is built and maintained by alibabacloud-skills-team (@sdk-team); the current version is v0.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments