← Back to Skills Marketplace
cinience

Alicloud Security Kms

by cinience · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
1151
Downloads
0
Stars
2
Active Installs
4
Versions
Install in OpenClaw
/install alicloud-security-kms
Description
Manage Alibaba Cloud Key Management Service (KMS) via OpenAPI/SDK. Use whenever the user needs key lifecycle/resource operations, policy/configuration change...
README (SKILL.md)

Category: service

Key Management Service

Validation

mkdir -p output/alicloud-security-kms
python -m py_compile skills/security/key-management/alicloud-security-kms/scripts/list_openapi_meta_apis.py && echo "py_compile_ok" > output/alicloud-security-kms/validate.txt

Pass criteria: command exits 0 and output/alicloud-security-kms/validate.txt is generated.

Output And Evidence

  • Save KMS API discovery outputs and operation results in output/alicloud-security-kms/.
  • Keep at least one request parameter example per operation type.

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for KeyManagementService.

Workflow

  1. Confirm region, resource identifiers, and desired action.
  2. Discover API list and required parameters (see references).
  3. Call API with SDK or OpenAPI Explorer.
  4. Verify results with describe/list APIs.

AccessKey priority (must follow)

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
  2. Shared config file: ~/.alibabacloud/credentials

API discovery

  • Product code: Kms
  • Default API version: 2016-01-20
  • Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

  1. Inventory/list: prefer List* / Describe* APIs to get current resources.
  2. Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
  3. Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code \x3CProductCode> --version \x3CVersion>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/alicloud-security-kms/

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

References

  • Sources: references/sources.md
Usage Guidance
This skill's code and instructions are consistent with an Alibaba Cloud KMS helper, but its registry metadata fails to declare that it needs your Alibaba Cloud access key and secret. Before installing or invoking: (1) treat this as a skill that will require your ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET — only provide least-privilege credentials (prefer read-only or limited KMS permissions) and avoid long-lived full-admin keys; (2) review the included script locally to confirm it only fetches api.aliyun.com metadata (it does); (3) run first in a sandbox or with test account/keys; (4) ask the publisher to update the skill metadata to list the required env vars and primary credential so the platform can surface the exact secret requests; and (5) for any mutating operations, confirm region and ask the agent to prompt you before performing changes.
Capability Analysis
Type: OpenClaw Skill Name: alicloud-security-kms Version: 1.0.3 The skill bundle is designed for managing Alibaba Cloud Key Management Service (KMS) and appears safe. It includes a Python script (scripts/list_openapi_meta_apis.py) that fetches public API metadata from official Alibaba Cloud endpoints (api.aliyun.com) to help the agent discover available service operations. The instructions in SKILL.md follow standard credential handling practices and do not contain any evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The skill's stated purpose is Alibaba Cloud KMS management and the runtime instructions clearly require Alibaba Cloud credentials and access to OpenAPI metadata; that capability is coherent with the name and description. However, the registry metadata lists no required environment variables or primary credential even though SKILL.md requires ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET (and optionally ALICLOUD_REGION_ID) or a shared credentials file. The omission is an inconsistency between claimed requirements and declared requirements.
Instruction Scope
SKILL.md gives narrow, expected instructions: discover API metadata, use SDK/OpenAPI to call KMS APIs, save outputs to output/alicloud-security-kms/, and prefer least-privilege credentials. It does not instruct reading unrelated system files or exfiltrating data to unusual endpoints. The only external network access is to api.aliyun.com for API metadata, which matches the skill purpose.
Install Mechanism
No install spec is provided (instruction-only) and the only included code is a small Python script that fetches OpenAPI metadata from api.aliyun.com and writes JSON/MD to the local output directory. No downloads of arbitrary code, no archive extraction, and no non-standard binary installation are present.
Credentials
The SKILL.md expects sensitive credentials (ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET) and references a shared config path (~/.alibabacloud/credentials). Those are appropriate and proportionate for a KMS management skill, but they are not declared in the skill's metadata (required env vars / primary credential). That mismatch makes it unclear to the platform or user what secrets will be requested or needed.
Persistence & Privilege
The skill does not request always:true, does not declare system-wide config changes, and is user-invocable with autonomous invocation allowed (the platform default). There is no evidence the skill tries to persist itself beyond normal outputs in its own output directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install alicloud-security-kms
  3. After installation, invoke the skill by name or use /alicloud-security-kms
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
batch publish from alicloud-skills on 2026-03-11
v1.0.2
batch publish from alicloud-skills on 2026-02-13
v1.0.1
Initial ClawHub publish for Alibaba Cloud skills with agents metadata.
v1.0.0
Initial ClawHub publish for Alibaba Cloud skills with agents metadata.
Metadata
Slug alicloud-security-kms
Version 1.0.3
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 4
Frequently Asked Questions

What is Alicloud Security Kms?

Manage Alibaba Cloud Key Management Service (KMS) via OpenAPI/SDK. Use whenever the user needs key lifecycle/resource operations, policy/configuration change... It is an AI Agent Skill for Claude Code / OpenClaw, with 1151 downloads so far.

How do I install Alicloud Security Kms?

Run "/install alicloud-security-kms" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Alicloud Security Kms free?

Yes, Alicloud Security Kms is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Alicloud Security Kms support?

Alicloud Security Kms is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Alicloud Security Kms?

It is built and maintained by cinience (@cinience); the current version is v1.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments