← Back to Skills Marketplace
89
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install aliyun-cloudfw-manage
Description
Use when managing Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK, including the user requests firewall policy/resource operations, change management,...
README (SKILL.md)
Category: service
Cloud Firewall
Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Cloud Firewall.
Workflow
- Confirm region, resource identifiers, and desired action.
- Discover API list and required parameters (see references).
- Call API with SDK or OpenAPI Explorer.
- Verify results with describe/list APIs.
AccessKey priority (must follow)
- Environment variables:
ALICLOUD_ACCESS_KEY_ID/ALICLOUD_ACCESS_KEY_SECRET/ALICLOUD_REGION_IDRegion policy:ALICLOUD_REGION_IDis an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user. - Shared config file:
~/.alibabacloud/credentials
API discovery
- Product code:
Cloudfw - Default API version:
2017-12-07 - Use OpenAPI metadata endpoints to list APIs and get schemas (see references).
High-frequency operation patterns
- Inventory/list: prefer
List*/Describe*APIs to get current resources. - Change/configure: prefer
Create*/Update*/Modify*/Set*APIs for mutations. - Status/troubleshoot: prefer
Get*/Query*/Describe*StatusAPIs for diagnosis.
Minimal executable quickstart
Use metadata-first discovery before calling business APIs:
python scripts/list_openapi_meta_apis.py
Optional overrides:
python scripts/list_openapi_meta_apis.py --product-code \x3CProductCode> --version \x3CVersion>
The script writes API inventory artifacts under the skill output directory.
Output policy
If you need to save responses or generated artifacts, write them under:
output/aliyun-cloudfw-manage/
Validation
mkdir -p output/aliyun-cloudfw-manage
for f in skills/security/firewall/aliyun-cloudfw-manage/scripts/*.py; do
python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-cloudfw-manage/validate.txt
Pass criteria: command exits 0 and output/aliyun-cloudfw-manage/validate.txt is generated.
Output And Evidence
- Save artifacts, command outputs, and API response summaries under
output/aliyun-cloudfw-manage/. - Include key parameters (region/resource id/time range) in evidence files for reproducibility.
Prerequisites
- Configure least-privilege Alibaba Cloud credentials before execution.
- Prefer environment variables:
ALICLOUD_ACCESS_KEY_ID,ALICLOUD_ACCESS_KEY_SECRET, optionalALICLOUD_REGION_ID. - If region is unclear, ask the user before running mutating operations.
References
- Sources:
references/sources.md
Usage Guidance
Before installing or enabling this skill: (1) Require the publisher to update the skill metadata to declare the exact required env vars (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID) and the config path (~/.alibabacloud/credentials) so the platform can surface permission prompts. (2) Only provide least-privilege Alibaba Cloud credentials (narrow IAM policy) and test with read-only credentials first. (3) Review and run the included script locally to verify behavior (it fetches public metadata from api.aliyun.com). (4) If you allow autonomous invocation, restrict or audit mutating operations (Create/Update/Modify) — consider disabling autonomous invocation until metadata/behavior is clarified. (5) If the publisher cannot justify the missing metadata, treat the omission as a red flag and avoid giving credentials or enabling the skill for production use.
Capability Analysis
Type: OpenClaw Skill
Name: aliyun-cloudfw-manage
Version: 1.0.0
The skill bundle is a legitimate tool for managing Alibaba Cloud Firewall resources. The included script `scripts/list_openapi_meta_apis.py` fetches API metadata from official Alibaba Cloud endpoints (api.aliyun.com) to assist the agent in discovering available operations, and the instructions in `SKILL.md` follow standard cloud credential management practices without any signs of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The skill's stated purpose (manage Alibaba Cloud CloudFW) legitimately requires Alibaba Cloud credentials and region information. However, the registry metadata lists no required env vars, primary credential, or config paths even though SKILL.md explicitly prioritizes ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID and ~/.alibabacloud/credentials. This mismatch is incoherent: someone building this skill should declare those requirements.
Instruction Scope
SKILL.md instructs the agent to use environment variables and a shared credentials file (~/.alibabacloud/credentials), to call SDK/OpenAPI (including mutating Create/Update/Modify APIs), and to write artifacts under output/aliyun-cloudfw-manage/. Those instructions are reasonable for a CloudFW manager, but they reference reading credentials and potentially performing mutations while the package metadata does not surface or restrict those capabilities. The script included only fetches public API metadata from api.aliyun.com (expected).
Install Mechanism
No install spec — instruction-only plus a small Python script that fetches metadata from the official api.aliyun.com endpoints. No remote, untrusted binary downloads or extraction. Low install risk.
Credentials
The credentials requested in SKILL.md (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optional ALICLOUD_REGION_ID) are proportional to the stated purpose. The problem is they are not declared in the skill metadata (requires.env / primaryEnv) and the skill instructs reading ~/.alibabacloud/credentials without declaring that config path. This omission makes it unclear to users/administrators what secrets the skill will use or require.
Persistence & Privilege
always is false and the skill does not request system-wide modification or persistent elevated privileges. The agent can invoke the skill autonomously by default (disable-model-invocation is false), which is platform-standard; combine this with the credential mismatch and you should be cautious about allowing autonomous runs that could perform mutating API calls.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install aliyun-cloudfw-manage - After installation, invoke the skill by name or use
/aliyun-cloudfw-manage - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of aliyun-cloudfw-manage, providing management and troubleshooting for Alibaba Cloud Cloud Firewall via OpenAPI/SDK.
- Supports operations such as firewall policy/resource management, status checks, and workflow troubleshooting.
- Implements API discovery, access credential priority, and a metadata-first workflow.
- Includes scripts for API listing and artifacts output under `output/aliyun-cloudfw-manage/`.
- Requires configuration of Alibaba Cloud credentials with a focus on security and reproducibility.
Metadata
Frequently Asked Questions
What is Aliyun Cloudfw Manage?
Use when managing Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK, including the user requests firewall policy/resource operations, change management,... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.
How do I install Aliyun Cloudfw Manage?
Run "/install aliyun-cloudfw-manage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Aliyun Cloudfw Manage free?
Yes, Aliyun Cloudfw Manage is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Aliyun Cloudfw Manage support?
Aliyun Cloudfw Manage is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Aliyun Cloudfw Manage?
It is built and maintained by cinience (@cinience); the current version is v1.0.0.
More Skills