← Back to Skills Marketplace

Cmdb Query

Name: Cmdb Query
Author: jbhasbc

by jbhasbc · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

213

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install cmdb-query

Description

查询 CMDB 资产数据。支持按主机、应用、数据库等资源类型查询，支持名称过滤。

README (SKILL.md)

CMDB Query Skill

查询内部 CMDB 系统中的资产数据。

认证方式

通过 username/password 获取 Token，Token 有效期 8 小时。

登录接口: POST /cmdb/v1/api/oauth/token
用户名: openclaw_read
密码: JzXCxTaDxE

资源类型 (label)

从文档中识别出的主要资源类型：

基础资源

host - 主机
ali_host - 阿里云主机
qingcloud_host - 青云主机
hudong_host - 互动 - 阿里云主机
hlw_qingcloud_host - 互联网 - 青云主机

应用相关

application - 应用
productline - 产品线
product - 产品
project - 项目
application_site - 站点

网络相关

balancing - 负载均衡
qingcloud_slb - 青云负载均衡
vpc - VPC
public_IP - 公网 IP
shared_bandwidth - 共享带宽
nat_gateway - NAT 网关
vpn_gateway - VPN 网关
security_group - 安全组
virtual_switch - 虚拟交换机
DNS_analysis - 云解析
domain - 云资源_域名
CDN_domain_name - CDN_加速域名
expose_networkpolicy - 互联网暴露面资产

数据库

RDS_database - RDS_关系型数据库
hudong_RDS_database - 互动 - 阿里云 RDS
mongoDB - MongoDB
hudong_mongoDB - 互动 - 阿里云 MongoDB
polardb - PolarDB
redis - Redis
hudong_redis - 互动 - 阿里云 Redis

缓存/消息队列

kafka - Kafka
Hbase - HBase
MQlist - MQ 队列
hudong_MQlist - 互动 - rocketMQ
hudong_rabbit_MQ - 互动 - rabbitMQ
hudong_MQTT - 互动 - MQTT

存储服务

oss_storage - OSS_对象存储
hudong_oss_storage - 互动 - OSS
Bucket_huawei - 华为 Bucket
NAS_storage - NAS 文件存储
cloud_disk - Disk 云硬盘
hudong_cloud_disk - 互动 - 云硬盘
disk_snapshot - 硬盘快照

计算/容器

csk - 容器服务 ACK
hudong_csk - 互动 - ACK
E_MapReduce - E-MapReduce
hudong_E_MapReduce - 互动 - EMR

其他服务

cloud_image - 云镜像
k8s - K8S
Elasticsearch - 检索分析 Elasticsearch
hudong_opensearch - 互动 - Opensearch
SSL_ficate - SSL_证书
certificate - 证书详情
gateway_application - 统一网关应用
centers - 项目中心平台
domain_details - 域名详情

堡垒机/账号

baolj_data - 非强国堡垒机资源
Y_baolj_data - 强国_堡垒机资源
sshprivatekey - 堡垒机远程登陆私钥
jw_front_computer - 经纬前置机账号
ziyuan_models - 资源账号申请模型
ziyuan_users - 资源账号平台用户表单
yewu_model - 业务账号申请模型
yewu_users - 业务账号平台用户表单

财务/厂商

bill - 分账模型
manufacturer - 厂商
public_manufacturer - 公网项目云机厂商
public_cloudstorage - 公网项目云存厂商

查询示例

1. 列出所有主机

curl -s -X POST "https://10.255.227.233/cmdb/v1/api/cloudresources/resource/instance/host" \
  -H "Authorization: Token YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"query_filter": {}, "format_user_field": "true"}' | jq '.data.items[] | {name, ip, env}'

2. 按名称模糊查询应用（含 cmdb 字样）

curl -s -X POST "https://10.255.227.233/cmdb/v1/api/cloudresources/resource/instance/application" \
  -H "Authorization: Token YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query_filter": {
      "$or": [
        {"name": {"$options": "i", "$regex": "cmdb"}}
      ]
    },
    "format_user_field": "true"
  }' | jq '.data.items[] | {name, ip, env}'

3. 查询特定环境的数据库

curl -s -X POST "https://10.255.227.233/cmdb/v1/api/cloudresources/resource/instance/RDS_database" \
  -H "Authorization: Token YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query_filter": {
      "$and": [
        {"environment": {"$regex": "prod"}}
      ]
    },
    "format_user_field": "true"
  }' | jq '.data.items[] | {name, env, status}'

查询语法说明

支持的操作符：

$regex - 模糊匹配，支持正则
$options - 正则选项，i 表示忽略大小写
$and - 与条件（所有条件需满足）
$or - 或条件（满足任一即可）

示例：

{
  "query_filter": {
    "$and": [
      {"name": {"$regex": "web", "$options": "i"}},
      {"environment": "production"}
    ]
  }
}

注意事项

Token 有效期 8 小时，超过需重新登录
分页：每次查询最多返回 page_size 条记录，通过 page 参数翻页
性能：建议限制 page_size（默认 10），大数据量查询时分页处理

Usage Guidance

This skill appears to be a legitimate CMDB query helper, but it embeds plaintext credentials and disables TLS verification. Before installing or using it: verify the source and the internal homepage (10.255.227.233), confirm the provided account's intended scope (read-only and limited), remove hard-coded secrets (move them to secure environment variables or a secrets store), enable TLS validation (remove verify=False), and consider rotating the exposed password. Also avoid granting the skill autonomous/invisible access until you are comfortable with its network targets and the credential handling.

Capability Analysis

Type: OpenClaw Skill Name: cmdb-query Version: 1.0.0 The skill contains hardcoded credentials (username: openclaw_read, password: JzXCxTaDxE) and targets an internal IP (10.255.227.233) while explicitly disabling SSL verification in `lib/query.py`. While its stated purpose is CMDB asset querying, the documentation in `SKILL.md` reveals access to highly sensitive resource types such as SSH private keys (`sshprivatekey`) and bastion host data (`baolj_data`), which poses a significant risk of unauthorized sensitive data exposure.

Capability Assessment

ℹ Purpose & Capability

Name, description, SKILL.md examples and lib/query.py are consistent: the skill queries an internal CMDB and uses curl/jq for CLI examples. Declared required binaries (curl, jq) match the examples. However, the skill embeds a username/password in both SKILL.md and the code instead of using a declared credential or environment variable — this is unexpected even for a read-only query tool.

ℹ Instruction Scope

SKILL.md instructions stay within the stated purpose (how to log in and query resources). They include explicit login endpoint, sample curl commands and the clear instruction to use an Authorization token. But the documentation exposes a plaintext credential pair (openclaw_read / JzXCxTaDxE), which broadens the attack surface and is beyond what a typical instruction-only skill should publish.

✓ Install Mechanism

No install spec (instruction-only plus a small helper script). Nothing is downloaded from external URLs and no packages are installed by the skill, which limits supply-chain risk.

⚠ Credentials

The skill declares no required environment variables or external credentials, yet both SKILL.md and lib/query.py include hard-coded credentials. The code also sets verify=False for TLS requests (skips certificate validation). Embedding credentials in files and disabling TLS verification are disproportionate to the stated purpose and increase risk of credential exposure and MITM attacks on internal traffic.

✓ Persistence & Privilege

The skill is not always-enabled and is user-invocable (normal). It does not request system-wide persistence or modify other skills' configs. It does cache a token in module-level variables at runtime (ephemeral within the process), which is normal for a short-lived helper.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install cmdb-query
After installation, invoke the skill by name or use /cmdb-query
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of cmdb-query skill. - 支持通过 curl 和 jq 查询内部 CMDB 资产数据 - 覆盖主机、应用、数据库、网络等多种资源类型 - 提供详细资源类型 label 和中英文说明 - 支持通过名称等字段过滤资源（正则、and/or 条件） - 示例说明认证流程与常见查询写法 - 文档包括分页、Token 机制、操作符等使用注意事项

Metadata

Slug cmdb-query

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Cmdb Query?

查询 CMDB 资产数据。支持按主机、应用、数据库等资源类型查询，支持名称过滤。 It is an AI Agent Skill for Claude Code / OpenClaw, with 213 downloads so far.

How do I install Cmdb Query?

Run "/install cmdb-query" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cmdb Query free?

Yes, Cmdb Query is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cmdb Query support?

Cmdb Query is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cmdb Query?

It is built and maintained by jbhasbc (@jbhasbc); the current version is v1.0.0.

More Skills