← Back to Skills Marketplace
sdk-team

Alibabacloud Sas Overview

by alibabacloud-skills-team · GitHub ↗ · v0.0.2 · MIT-0
cross-platform ✓ Security Clean
125
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install alibabacloud-sas-overview
Description
Alibaba Cloud Security Center (SAS) Overview Data Query Skill. Retrieves security score, asset status, risk governance, asset risk trends, and billing info....
README (SKILL.md)

SAS Overview Data Query

Retrieves the 5 core modules of the Security Center (SAS) overview dashboard:

  1. Security Overview — score, fixed vulns, baseline risk, handled alerts
  2. Usage Info — service days, asset scale, uninstalled clients
  3. Security Operations — risk governance (AI risk, CSPM, key config, system vulns), security protection (WAF blocks), security response
  4. Asset Risk Trend — host/container/cloud product risk ratios + trend chart
  5. Billing & Subscription — post-pay switches, subscription validity, bills

Execution Scope: Each module and data item can be queried independently. Match the scope to the user's request:

  • Single data item — e.g., "What is my security score?" → only command 1a
  • Single module — e.g., "Show asset risk trend" → all of Module 4
  • Full overview — e.g., "SAS overview" → all 5 modules

Architecture: SAS + WAF + BssOpenApi

Prerequisites

Pre-check: Aliyun CLI >= 3.3.3 required Run aliyun version to verify >= 3.3.3. If not installed or version too low, run curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash to update, or see references/cli-installation-guide.md for installation instructions.

Pre-check: Aliyun CLI plugin update required [MUST] run aliyun configure set --auto-plugin-install true to enable automatic plugin installation. [MUST] run aliyun plugin update to ensure that any existing plugins are always up-to-date.

[MUST] Enable AI-Mode and set User-Agent — Before executing any aliyun CLI commands in this workflow, you MUST enable AI-Mode and set the User-Agent:

# [MUST] Enable AI-Mode before running any CLI commands
aliyun configure ai-mode enable

# [MUST] Set User-Agent for this skill
aliyun configure ai-mode set-user-agent --user-agent "AlibabaCloud-Agent-Skills/alibabacloud-sas-overview"

Install required CLI plugins:

aliyun plugin install --names aliyun-cli-sas aliyun-cli-waf-openapi aliyun-cli-bssopenapi

Pre-check: Alibaba Cloud Credentials Required

Security Rules:

  • NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
  • NEVER ask the user to input AK/SK directly in the conversation or command line
  • NEVER use aliyun configure set with literal credential values
  • ONLY use aliyun configure list to check credential status
aliyun configure list

Check the output for a valid profile (AK, STS, or OAuth identity).

If no valid profile exists, STOP here.

  1. Obtain credentials from Alibaba Cloud Console
  2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
  3. Return and re-run after aliyun configure list shows a valid profile

Parameters

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, WAF InstanceId, BillingCycle, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

Parameter Required Description Default
Regions Yes SAS regions to aggregate data from cn-shanghai, ap-southeast-1
WAF Instance ID Auto-fetched Auto-fetched via WAF DescribeInstance for DescribeFlowChart Auto
Billing Cycle Only for billing Billing month in YYYY-MM format Current month
Time Range No Days of history for score/trend queries 7 (last 7 days)

RAM Permissions

See references/ram-policies.md for the full RAM policy JSON.

Required: AliyunYundunSASReadOnlyAccess, AliyunWAFReadOnlyAccess, AliyunBSSReadOnlyAccess.

Core Workflow

Based on the user's query, execute the relevant module(s) below. Each module — and each data item within a module — can be executed independently. For APIs marked multi-region, always query both cn-shanghai and ap-southeast-1, then sum the results.

Module 1: Security Overview

# 1a. Security Score (region-agnostic)
aliyun sas describe-secure-suggestion --cal-type home_security_score --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: Score field from response as current security score
#
# NOTE: DescribeScreenScoreThread is currently unavailable (CalType not supported).
# Once supported, switch to the command below for score + historical trend:
#   START=$(python3 -c "import time; print(int((time.time()-86400*7)*1000))")
#   END=$(python3 -c "import time; print(int(time.time()*1000))")
#   aliyun sas describe-screen-score-thread \
#     --cal-type home_security_score \
#     --start-time "$START" --end-time "$END" \
#     --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
#   Extract: Data.SocreThread[-1] = current score, full SocreThread list = historical trend

# 1b. Fixed Vulnerabilities (multi-region: sum FixTotal)
aliyun sas describe-vul-fix-statistics --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
aliyun sas describe-vul-fix-statistics --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview

# 1c. Baseline Risk Statistics (multi-region: sum each Summary field)
aliyun sas get-check-risk-statistics --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
aliyun sas get-check-risk-statistics --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: Summary.RiskCheckCnt, Summary.RiskWarningCnt,
#          Summary.HandledCheckTotal, Summary.HandledCheckToday
# Sum each field across regions

# 1d. Handled Alerts (multi-region: sum SuspiciousDealtCount)
aliyun sas get-defence-count --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
aliyun sas get-defence-count --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview

Module 2: Usage Info

# 2a. Service Duration + Subscription (region-agnostic)
aliyun sas describe-version-config --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Check IsPaidUser first:
#   IsPaidUser == true  → Extract CreateTime, calculate (now - CreateTime) as days
#   IsPaidUser == false → Service duration not applicable, display N/A
# Extract: ReleaseTime → subscription expiry (pre-pay only)

# 2b. Host Asset Info (multi-region: sum TotalCount and Cores)
aliyun sas describe-cloud-center-instances \
  --region cn-shanghai --machine-types ecs --current-page 1 --page-size 20 \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
aliyun sas describe-cloud-center-instances \
  --region ap-southeast-1 --machine-types ecs --current-page 1 --page-size 20 \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: PageInfo.TotalCount (sum across regions) for host count
# Extract: Sum all instances' Cores field for total core count
# Optionally list host details if user requests

# 2c. Uninstalled Clients (multi-region: sum TotalCount)
aliyun sas list-uninstall-aegis-machines --region cn-shanghai --current-page 1 --page-size 1 --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
aliyun sas list-uninstall-aegis-machines --region ap-southeast-1 --current-page 1 --page-size 1 --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview

Module 3: Security Operations

3a. Risk Governance (region-agnostic, single API call)

aliyun sas describe-secure-suggestion --cal-type home_security_score --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Process Suggestions[] by SuggestType:
#   SS_AI_RISK → AI Risk (SubType not fixed, e.g. SSI_AISPM_RISK; analyze Description for unknown SubTypes)
#     Aggregate riskCount by region
#   SS_SAS_CLOUD_HC → CSPM risks (aggregate by HIGH/MEDIUM/LOW and region)
#     Cloud: SSI_SAS_CLOUD_HC_HIGH / MEDIUM / LOW
#     Host:  SSI_SAS_HOST_HC_HIGH / MEDIUM / LOW
#   SS_KEY_CONFIG → Key Config (SubType not fixed; analyze Description for unknown SubTypes)
#     Aggregate RiskCount by region
#   SS_SAS_SYS_VUL → System Vulns (aggregate by HIGH/MEDIUM/LOW and region)
#     SSI_SAS_SYS_VUL_HIGH / SSI_SAS_SYS_VUL_MEDIUM / SSI_SAS_SYS_VUL_LOW

3b. Security Protection — WAF Blocks (multi-region, two-step)

# Step 1: Get WAF Instance ID (per region)
aliyun waf-openapi describe-instance --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
aliyun waf-openapi describe-instance --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: InstanceId from each region's response

# Step 2: Query WAF flow chart using each region's InstanceId
START_SEC=$(python3 -c "import time; print(int(time.time()-86400*7))")
aliyun waf-openapi describe-flow-chart \
  --region cn-shanghai \
  --instance-id "\x3CInstanceId from cn-shanghai>" \
  --start-timestamp "$START_SEC" \
  --interval 3600 \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
aliyun waf-openapi describe-flow-chart \
  --region ap-southeast-1 \
  --instance-id "\x3CInstanceId from ap-southeast-1>" \
  --start-timestamp "$START_SEC" \
  --interval 3600 \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Sum all WafBlockSum values from both regions

3c. Security Response

# Currently no data (N/A)

Module 4: Asset Risk Trend

# 4a. Host Assets (multi-region)
aliyun sas describe-cloud-center-instances \
  --region cn-shanghai --machine-types ecs --current-page 1 --page-size 1 \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: PageInfo.TotalCount

aliyun sas describe-field-statistics \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: GroupedFields.RiskInstanceCount
# Repeat for ap-southeast-1, sum both

# 4b. Container Assets (multi-region)
aliyun sas describe-container-field-statistics \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: ClusterCount, RiskClusterCount
# Repeat for ap-southeast-1, sum both

# 4c. Cloud Product Assets (multi-region)
aliyun sas get-cloud-asset-summary \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Extract: GroupedFields.InstanceCountTotal, GroupedFields.InstanceRiskCountTotal
# Repeat for ap-southeast-1, sum both

# 4d. Trend Chart Data (multi-region)
START_MS=$(python3 -c "import time; print(int((time.time()-86400*7)*1000))")
END_MS=$(python3 -c "import time; print(int(time.time()*1000))")
aliyun sas describe-chart-data \
  --region cn-shanghai \
  --chart-id CID_ASSET_RISK_TREND \
  --report-id -1 \
  --time-start "$START_MS" --time-end "$END_MS" \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Returns time series: host / container / cloud risk counts

Module 5: Billing & Subscription

# 5a. Query billing mode (from Module 2a response, can reuse cached result)
aliyun sas describe-version-config --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# Check IsPaidUser field to determine billing mode:
#
# If IsPaidUser == true → Pre-pay (subscription) user:
#   Extract CreateTime → purchase date (convert ms timestamp to YYYY-MM-DD)
#   Extract ReleaseTime → expiry date (convert ms timestamp to YYYY-MM-DD)
#
# If IsPaidUser == false → Post-pay user:
#   Extract PostPayModuleSwitch (JSON string — must parse)
#   Map codes to product names using the table below:
#     POST_HOST → Host and Container Security
#     VUL → Vulnerability Fixing
#     CSPM → CSPM
#     CTDR → Agentic SOC
#     AGENTLESS → Agentless Detection
#     SERVERLESS → Serverless Asset Protection
#     RASP → Application Protection
#     SDK → Malicious File Detection
#     CTDR_STORAGE → Log Management
#     ANTI_RANSOMWARE → Anti-ransomware
#   Value 1 = Enabled, 0 = Disabled

# 5c. Billing Details (try each region, skip on permission error)
BILLING_CYCLE=$(date +%Y-%m)
aliyun bssopenapi query-bill \
  --region cn-shanghai \
  --billing-cycle "$BILLING_CYCLE" --product-code sas \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# If the above returns a permission error, skip cn-shanghai and continue

aliyun bssopenapi query-bill \
  --region ap-southeast-1 \
  --billing-cycle "$BILLING_CYCLE" --product-code sas \
  --user-agent AlibabaCloud-Agent-Skills/alibabacloud-sas-overview
# If the above returns a permission error, skip ap-southeast-1 and continue
# Aggregate results from whichever regions succeeded

Product Code Mapping

Product Name Code Status Values
Host and Container Security POST_HOST 1: Enabled, 0: Disabled
Vulnerability Fixing VUL 1: Enabled, 0: Disabled
CSPM CSPM 1: Enabled, 0: Disabled
Agentic SOC CTDR 1: Enabled, 0: Disabled
Agentless Detection AGENTLESS 1: Enabled, 0: Disabled
Serverless Asset Protection SERVERLESS 1: Enabled, 0: Disabled
Application Protection RASP 1: Enabled, 0: Disabled
Malicious File Detection SDK 1: Enabled, 0: Disabled
Log Management CTDR_STORAGE 1: Enabled, 0: Disabled
Anti-ransomware ANTI_RANSOMWARE 1: Enabled, 0: Disabled

Data Processing Rules

  1. Multi-region aggregation: APIs requiring regions must query cn-shanghai + ap-southeast-1 separately, then sum the numeric results.
  2. Timestamps: SAS APIs use millisecond timestamps. WAF APIs use second timestamps.
  3. PostPayModuleSwitch: Is a JSON string — must JSON.parse() / json.loads() before reading.
  4. Score extraction: Use Score field from DescribeSecureSuggestion response as current score. Note: DescribeScreenScoreThread is currently unavailable (CalType not supported); once supported, switch to using the last element of Data.SocreThread[] as current score and the full list as historical trend.
  5. N/A fields: Security Response Events have no data — display "N/A".
  6. Timestamp formatting: Convert ms timestamps to YYYY-MM-DD HH:mm:ss for display.

Success Verification

See references/verification-method.md for step-by-step verification commands.

Cleanup

This skill is read-only (query operations only). No resources are created, so no cleanup is needed.

[MUST] Disable AI-Mode after workflow completion — Once the workflow is finished, you MUST disable AI-Mode:

aliyun configure ai-mode disable

Best Practices

  1. Always query both cn-shanghai and ap-southeast-1 for multi-region APIs before aggregating.
  2. Cache the DescribeVersionConfig response — it is used by both Module 2 and Module 5.
  3. Use --cli-query (JMESPath) to extract specific fields and reduce output noise.
  4. Set --page-size 1 when only TotalCount is needed (e.g., ListUninstallAegisMachines).
  5. WAF DescribeFlowChart requires a valid WAF instance ID — auto-fetch via DescribeInstance first; query both cn-shanghai and ap-southeast-1.
  6. Billing queries (QueryBill) require --region — try each region (cn-shanghai, ap-southeast-1) in turn; skip any region that returns a permission error.
  7. All timestamps returned by SAS are in milliseconds — divide by 1000 for human-readable conversion.

Reference Links

Document Content
references/related-apis.md Full API and CLI command reference table
references/ram-policies.md Required RAM permissions and policies
references/verification-method.md Step-by-step verification commands
references/acceptance-criteria.md Correct/incorrect CLI patterns
references/cli-installation-guide.md CLI installation guide
overview-sop.md Original SOP document with full data mapping
Usage Guidance
This skill appears coherent and limited to read-only queries against Alibaba Cloud services via the official aliyun CLI. Before using it: 1) ensure you have only read-only RAM policies attached to the profile you use; 2) do not paste credentials into the chat—configure them locally or use an instance role/STS token; 3) if you must install the CLI, prefer vetted package managers (brew, distro packages) or inspect the setup.sh from aliyuncli.alicdn.com before running curl | bash; 4) confirm the skill only runs the modules you asked for (the skill emphasizes executing only relevant modules). If you need lower risk, run the listed commands manually in a terminal instead of granting the agent autonomous execution.
Capability Analysis
Type: OpenClaw Skill Name: alibabacloud-sas-overview Version: 0.0.2 The alibabacloud-sas-overview skill bundle is a legitimate tool for querying Alibaba Cloud Security Center (SAS) data. It uses the official Aliyun CLI to aggregate security scores, asset risks, and billing information across regions. The instructions in SKILL.md include strong security guardrails, such as prohibiting the display or input of credentials and requiring user confirmation for parameters. While it references a curl|bash installation method in the prerequisites, the source is the official Alibaba Cloud CDN (alicdn.com), and the overall behavior is strictly aligned with its stated read-only purpose.
Capability Tags
cryptorequires-walletcan-make-purchasesrequires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The skill's name/description align with the actions in SKILL.md: it runs aliyun CLI commands against SAS, WAF, and BssOpenApi to collect overview data. Required permissions (read-only SAS/WAF/BSS) and multi-region aggregation are consistent with the stated purpose.
Instruction Scope
All runtime instructions are limited to querying read-only APIs via the aliyun CLI, confirming parameters with the user, and aggregating multi-region results. The SKILL.md explicitly forbids reading or echoing AK/SK and instructs the operator to configure credentials outside the session, which reduces scope-creep risk. It does recommend enabling aliyun CLI ai-mode and setting a User-Agent (for telemetry/identification), which is within the skill's operational needs.
Install Mechanism
The skill is instruction-only (no automatic install). However SKILL.md suggests installing/updating the aliyun CLI and plugins and includes a curl | bash install command pointing to aliyuncli.alicdn.com (Alibaba's official CDN). While the host appears legitimate, piping a remote script to bash is a higher-risk action—inspect the script before running, or prefer platform package managers (brew, distro packages) when available.
Credentials
The skill declares no required environment variables and does not request unrelated credentials. It requires the user to have Alibaba Cloud credentials (AK/SK, STS, or instance role) configured for the CLI, and documents the minimal read-only RAM policies needed. The requested secrets are proportional to the task and the skill explicitly instructs not to echo or solicit AK/SK in conversation.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and has no install-time code that would write persistent binaries or modify other skills. It asks the user to enable aliyun CLI ai-mode and set a User-Agent for the CLI configuration; this modifies only the CLI configuration and is explained in the documentation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install alibabacloud-sas-overview
  3. After installation, invoke the skill by name or use /alibabacloud-sas-overview
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.2
**Summary: v0.0.2 introduces required CLI updates, AI-Mode, and stricter prerequisites.** - Raised minimum Aliyun CLI version requirement to 3.3.3 and added plugin update instructions. - **[NEW]** Explicit requirement to enable AI-Mode and set User-Agent before executing any CLI commands. - Clarified/prepended all shell examples and workflow steps to mandate use of the correct User-Agent string for this skill. - Updated prerequisite checks and installation steps for CLI and plugins in documentation. - Improved security and parameter confirmation instructions throughout.
v0.0.1
- Initial release of the alibabacloud-sas-overview skill. - Enables querying Alibaba Cloud Security Center (SAS) overview data, including security score, asset status, risk governance, risk trends, and billing info. - Flexible query scope: single data item, whole module, or full SAS overview based on user request. - Requires Aliyun CLI ≥ 3.3.1, relevant CLI plugins, and proper Alibaba Cloud credentials (no credential handling in-conversation). - Out of scope: no remediation actions or modification of settings—overview data queries only.
Metadata
Slug alibabacloud-sas-overview
Version 0.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Alibabacloud Sas Overview?

Alibaba Cloud Security Center (SAS) Overview Data Query Skill. Retrieves security score, asset status, risk governance, asset risk trends, and billing info.... It is an AI Agent Skill for Claude Code / OpenClaw, with 125 downloads so far.

How do I install Alibabacloud Sas Overview?

Run "/install alibabacloud-sas-overview" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Alibabacloud Sas Overview free?

Yes, Alibabacloud Sas Overview is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Alibabacloud Sas Overview support?

Alibabacloud Sas Overview is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Alibabacloud Sas Overview?

It is built and maintained by alibabacloud-skills-team (@sdk-team); the current version is v0.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments