← Back to Skills Marketplace

MigraQ

Name: MigraQ
Author: haobinaa

by HaoBin · GitHub ↗ · v1.1.4 · MIT-0

cross-platform ⚠ suspicious

295

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install migraq

Description

腾讯云迁移平台（CMG/MSP）全流程能力。触发词：资源扫描、扫描阿里云/AWS/华为云/GCP资源、生成云资源清单、选型推荐、对标腾讯云、推荐规格、帮我推荐、给我推荐、ECS对应什么腾讯云产品、成本分析、TCO、迁移报价、询价、价格计算器、cmg-scan、cmg-recommend、cmg-tco

Usage Guidance

This skill is a proxy that forwards your full queries to Tencent migration endpoints (msp.cloud.tencent.com and cmg.ai.tencentcloudapi.com). That means anything you send may be transmitted to those external servers. For read/consultation tasks you do not need to provide credentials; only operations that change cloud resources require your Tencent AK/SK. Before installing or enabling the skill: - Confirm you are comfortable with user messages leaving your environment and being handled by the remote CMG/MSP service. Do not paste secrets or sensitive internal details you wouldn't want sent externally. - If you must enable authenticated operations, avoid putting long-lived AK/SK into shell rc files if you can use more secure or scoped credentials (temporary, least privilege, or a dedicated service account). The SKILL.md contradicts itself about writing AK/SK to disk — treat the 'do not write to files or logs' statement as the safer policy. - Review the included Python scripts locally (migrateq_sse_api.py and check_env.py) yourself to confirm no unexpected endpoints, logging, or persistent storage of secrets. - Test the skill in an isolated environment (or with non-production credentials) before using it with production accounts. The inconsistencies observed (credential guidance and return-code/version-check mismatches) look like sloppy documentation rather than obviously malicious behavior, but they do increase the chance of accidental secret exposure — exercise caution.

Capability Analysis

Type: OpenClaw Skill Name: migraq Version: 1.1.4 The MigraQ skill bundle is a legitimate integration for Tencent Cloud's migration services (CMG/MSP). It acts as a proxy, forwarding user queries to official Tencent Cloud endpoints (cmg.ai.tencentcloudapi.com and msp.cloud.tencent.com) using standard TC3-HMAC-SHA256 signing for authentication. The included Python scripts (migrateq_sse_api.py and check_env.py) are well-structured, use standard libraries, and follow security best practices by reading credentials from environment variables without logging them. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.

Capability Assessment

ℹ Purpose & Capability

Name/description, network endpoints, and included Python scripts align with a Tencent Cloud migration front-end that forwards queries and optionally performs authenticated calls. Requiring only python3 is proportionate. One minor inconsistency: the registry metadata lists no required env vars/primary credential, while the SKILL.md and scripts clearly use TENCENTCLOUD_SECRET_ID/TENCENTCLOUD_SECRET_KEY in authenticated scenarios (but those are optional for most read/analysis flows). This is explainable but should be documented more clearly.

⚠ Instruction Scope

SKILL.md instructs the agent to forward user input verbatim to remote CMG/MSP endpoints (expected), and to run scripts/migrateq_sse_api.py. However there are contradictions in how credentials are handled: the front-matter and security notes state 'AK/SK 仅在鉴权场景使用，不写入文件或日志' while the user guidance explicitly shows shell commands that write AK/SK into ~/.zshrc / persistent user environment—i.e., instructions both say 'do not write' and show commands that persist secrets to disk. The routed behavior (sending raw user text to external endpoints) is a privacy surface the user must accept; the skill gives broad discretion to forward all non-meta intents to remote services.

✓ Install Mechanism

No install spec; code is provided as Python scripts and requires python3. No downloads from arbitrary URLs or package managers. This is a lower-risk install surface because nothing is fetched at install time.

⚠ Credentials

The scripts legitimately need Tencent AK/SK for write operations (TC3 signing). That is proportionate for an agent that may perform resource changes. However: (1) the skill metadata declares no required env vars which can hide that authenticated operations require secrets; (2) SKILL.md contains contradictory guidance about not writing AK/SK to files while also instructing the user how to echo them into ~/.zshrc (persisting them). Those contradictions increase the risk of accidental secret exposure and reduce clarity about what is strictly required.

✓ Persistence & Privilege

The skill does not request always:true and does not claim to modify other skills or system-wide agent settings. It suggests (user-run) persistent environment variable settings for convenience, which is standard but should be presented as optional. The scripts themselves do not appear to persist secrets to disk in the code paths shown.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install migraq
After installation, invoke the skill by name or use /migraq
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.1.4

- 改变自我介绍行为：对"你是谁""你能做什么"等身份/能力提问，改为转发到远端，由云端专家 Agent 回答，本地不再输出固定话术 - 其他核心逻辑、路由、错误处理等保持不变，功能无变更 - 版本号升级为 1.1.4

v1.1.3

**v1.1.3 重大更新：精简核心能力，全面升级架构，默认开箱即用** - 移除本地迁移领域知识文件，所有技术问题均转发远端，彻底杜绝本地幻觉与编造 - 默认支持售前咨询、资源扫描、选型推荐、成本分析等核心流程，无需配置密钥 - 仅在执行写操作（如迁移执行、资源/集群管理）时提示并引导鉴权 - 路由规则简化为“能转发就转发”，严格原话转发、上下文追加分隔明确 - 新增统一的错误处理与重试机制，用户体验更清晰 - 自我介绍、使用说明和鉴权配置流程全面优化，文档更易懂

v1.1.2

MigraQ 1.1.2 — 新增专家能力参考文档 - 新增了 references/expert-skills 系列文档，详细列举各领域迁移专家能力与常见操作说明 - 增加 references/faq.md 和 references/validation-issues.md，补充常见问题及校验说明 - 优化自我介绍及能力清单分流规则，更清晰区分静态/动态答复策略 - 明确本地回复与远端转发的行为约束和格式规范，提升回答一致性

v1.1.1

MigraQ 1.1.1 更新日志 - 新增“转发铁律”章节，强制要求 API 调用必须逐字转发用户原话，不得润色、改写、意图替换或翻译，防止大模型干预用户意图。 - 明确追加上下文的格式和分隔要求，规范上下文补充时的调用参数结构。 - 增加自检清单，提醒每次构造 question 参数时严格自查。 - 强调本章节规则优先级高于一切，违反任一条均视为 Bug。 - 其余文档内容保持不变。

v1.10.0

- 版本号从 1.0.9 升级到 1.0.10，修订版本号同步 - 未检测到文件内容的其他更改 - 该版本仅为文档或元数据中的版本号更新，无功能或流程变动

v1.0.9

MigraQ 1.0.9 - 统一输出格式的 JSON 字段由 input_tokens/output_tokens 修改为 prompt_tokens/completion_tokens，提升与主流 API 格式兼容性。 - 版本号从 1.0.8 升级为 1.0.9，其它功能、能力、使用说明无变化。

v1.0.8

- Version number updated to 1.0.8 in the SKILL.md front matter. - No functional or content changes; documentation and configurations remain as before.

v1.0.7

MigraQ 1.0.7 Changelog - 新增环境变量配置说明，强制引导用户采用持久化（永久生效）方案，确保密钥不会因终端重启失效。 - 明确自我介绍触发规则：首次及身份相关提问时展示，单次对话仅展示一次。 - 新增“必须等待脚本完整返回”要求，防止提前生成回答，确保答案来自官方迁移专家。 - Windows/Linux 配置方法、立即生效与验证步骤指引更完善。 - 其他用语、交互流程说明细节优化，提高用户指引准确性和安全性。

v1.0.6

# MigraQ v1.0.6 Changelog - 切换鉴权方式为腾讯云 TC3-HMAC-SHA256 原生签名，直连 CMG API（cmg.ai.tencentcloudapi.com，ap-shanghai）。 - 增加 Write、Grep 工具支持；调整网络权限，新增对 cmg.ai.tencentcloudapi.com 的访问。 - 前置环境检查与 Skill 版本管理逻辑强化，版本号读取自 SKILL.md front matter 并输出结构化 JSON，可提示用户新版本。 - 调用方式、常见错误码、权限声明等文档说明全面同步 TC3 API，支持 region 覆盖和 dry-run 调试模式。 - 明确版本号需双重维护，避免自检与 SkillHub 平台不一致。

v1.0.4

No user-visible changes in this version. - Version updated to 1.0.4 with no changes to code or documentation.

v1.0.3

- No code or documentation changes detected in this version. - Version number updated to 1.0.3.

v1.0.1

MigraQ v1.0.1 Changelog - Added icon file: icons/tencent_cloud_migration.svg - Removed metadata file: _skillhub_meta.json - Updated data handling and security documentation to clarify that secrets are passed via Authorization: Bearer header and are not written to files or logs. - Refined guidance and examples around environment variable configuration and key management. - Recommended minimum-permission sub-account usage for improved security.

v1.0.0

MigraQ 1.0.0 — Initial Release - Launches Tencent Cloud migration expert tool supporting cross-cloud resource scanning, spec matching, TCO analysis, and migration planning. - Enables secure AK/SK authentication via environment variables only. - Provides Python scripts for environment detection, SSE API calls, and session management. - SSE streaming interface (MigraQChatCompletions) for interactive migration consultation. - Unified JSON output format for all API responses. - Full cross-platform support (Windows/Linux/macOS) using Python. - Emphasizes security: no credentials stored/logged; connects only to internal Tencent Gateway.

Metadata

Slug migraq

Version 1.1.4

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 13

Frequently Asked Questions

What is MigraQ?

How do I install MigraQ?

Run "/install migraq" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MigraQ free?

Yes, MigraQ is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does MigraQ support?

MigraQ is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MigraQ?

It is built and maintained by HaoBin (@haobinaa); the current version is v1.1.4.

More Skills