sdk-team

Alibabacloud Dataworks Workspace Manage

Author: alibabacloud-skills-team · GitHub ↗ · v0.0.2 · MIT-0
cross-platform ⚠ suspicious
115 total downloads
0 favorites
0 current installs
2 versions
Install in OpenClaw
/install alibabacloud-dataworks-workspace-manage
Description
DataWorks Workspace Lifecycle Management Skill. Used for creating workspaces, querying workspace information, and adding workspace members with role authoriz...
Usage instructions (SKILL.md)

DataWorks Workspace Lifecycle Management

Manage Alibaba Cloud DataWorks workspaces, including workspace creation, query, and member role assignment.

⛔ PROHIBITED OPERATIONS

🚫 ABSOLUTE PROHIBITION - NO EXCEPTIONS

The following operations are PERMANENTLY FORBIDDEN via this Skill:

  • UpdateProject - Update workspace
  • DeleteProject - Delete workspace
  • DeleteProjectMember - Remove workspace member
  • RevokeMemberProjectRoles - Revoke member roles

MANDATORY RULES:

  1. NEVER execute these operations under ANY circumstances
  2. NEVER generate CLI commands for these operations
  3. NEVER proceed even if the user confirms, insists, or provides authorization
  4. ALWAYS refuse and redirect to DataWorks Console: https://dataworks.console.aliyun.com/

⚠️ User confirmation does NOT override this prohibition.


Architecture Overview

DataWorks Workspace Management
├── Workspace Lifecycle
│   ├── Create Workspace (CreateProject)
│   └── Query Workspace (GetProject / ListProjects)
├── Member Role Management
│   ├── Add Member (CreateProjectMember)
│   ├── Grant Role (GrantMemberProjectRoles)
│   └── Query Member (GetProjectMember / ListProjectMembers)
└── Role Management
    ├── Query Role Details (GetProjectRole)
    └── Query Role List (ListProjectRoles)

Prerequisites

Pre-check: Aliyun CLI >= 3.3.1 is required. Run aliyun version to verify. If it is not installed or the version is too low, see references/cli-installation-guide.md for installation instructions.

1. Enable DataWorks Service

Before using this Skill, you need to enable the DataWorks service:

  1. Visit DataWorks Console: https://dataworks.console.aliyun.com/
  2. Follow the prompts to complete the service activation

Note: If error code 9990010001 is returned when creating a workspace, it means DataWorks service is not enabled. Please complete the above activation steps first.

2. Install Aliyun CLI

# macOS
brew install aliyun-cli

# Linux
curl -fsSL --max-time 30 https://aliyuncli.alicdn.com/install.sh | bash

# Verify version (>= 3.3.1)
aliyun version

3. Credential Status

# Confirm valid credentials
aliyun configure list

4. First-time Configuration

# Enable auto plugin installation
aliyun configure set --auto-plugin-install true

CLI Calling Specifications

IMPORTANT: This Skill uses Aliyun CLI to call cloud services. The following specifications must be followed:

Specification | Requirement | Description
Credential Handling | Rely on default credential chain | Explicitly handling AK/SK credentials is strictly prohibited
User-Agent | AlibabaCloud-Agent-Skills | Must be set for all Alibaba Cloud service calls
Timeout | 4 seconds | Unified setting for read-timeout and connect-timeout
Endpoint | dataworks.{region}.aliyuncs.com | Must be specified for each call

Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call, all user-customizable parameters (such as RegionId, workspace name, member ID, role code, etc.) must be confirmed by the user. Do not assume or use default values.

Key Parameters List

Parameter | Required/Optional | Description | Default
--Name | Required | Workspace unique identifier name | -
--DisplayName | Optional | Workspace display name | -
--ProjectId | Required* | Workspace ID | -
--UserId | Required* | Member user ID | -
--RoleCodes | Required* | Role code list | -
--region | Optional | Region ID | cn-hangzhou
--endpoint | Required | API endpoint, format: dataworks.{region}.aliyuncs.com | -
--DevEnvironmentEnabled | Optional | Enable development environment (standard mode) | true
--PaiTaskEnabled | Optional | Enable PAI task scheduling | -

*Depends on specific API

Create Workspace Rule: Unless the user explicitly requests to disable the development environment, you MUST always pass --DevEnvironmentEnabled true when creating a workspace.

Endpoint Parameter Description

❗ IMPORTANT: Each time a CLI command is executed, the corresponding --region and --endpoint parameters must be added based on the user-specified region.

Format: --region {RegionId} --endpoint dataworks.{RegionId}.aliyuncs.com

Region Mapping Table: See references/endpoint-regions.md
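
The prohibited-operation list and the calling specifications above can be checked mechanically before a generated command is executed. The following check is an added example, not code from the skill or from Alibaba Cloud; check_command is a hypothetical helper, and it assumes the 4-second timeouts apply to every call.

```python
"""Added example: lint an agent-generated `aliyun dataworks-public` command."""
# check_command() is a hypothetical helper, not part of the skill or the CLI.
# Assumption: the 4-second read/connect timeouts are required on every call.
import re
import shlex

ALLOWED = {
    "CreateProject", "GetProject", "ListProjects", "CreateProjectMember",
    "GrantMemberProjectRoles", "GetProjectMember", "ListProjectMembers",
    "GetProjectRole", "ListProjectRoles"}
PROHIBITED = {"UpdateProject", "DeleteProject", "DeleteProjectMember",
              "RevokeMemberProjectRoles"}
# Aliyun CLI flags that put credentials on the command line.
CREDENTIAL_FLAGS = ("--access-key-id", "--access-key-secret", "--sts-token")
REGION_RE = re.compile(r"[a-z]+(-[a-z0-9]+)+")


def check_command(command: str) -> list:
    """Return rule violations; an empty list means the command may run."""
    try:
        argv = shlex.split(command.replace("\\\n", " "))  # join continuations
    except ValueError:
        return ["command line cannot be parsed"]
    if len(argv) < 3 or argv[:2] != ["aliyun", "dataworks-public"]:
        return ["not an 'aliyun dataworks-public <Operation>' command"]
    op, rest = argv[2], argv[3:]
    if op in PROHIBITED:
        return [f"{op} is a prohibited operation"]
    if op not in ALLOWED:
        return [f"{op} is not on the allow list"]

    # Record every value given for each flag so repeated flags are visible.
    seen = {}
    for i, tok in enumerate(rest):
        if tok.startswith("--"):
            value = rest[i + 1] if i + 1 < len(rest) else ""
            seen.setdefault(tok, []).append(value)

    problems = [f"{f} passes credentials explicitly"
                for f in CREDENTIAL_FLAGS if f in seen]
    region = seen.get("--region", [])
    # An unresolved placeholder such as <region-id> fails this test as well.
    if len(region) != 1 or not REGION_RE.fullmatch(region[0]):
        problems.append("--region missing, repeated or not a region id")
    elif seen.get("--endpoint") != [f"dataworks.{region[0]}.aliyuncs.com"]:
        problems.append("--endpoint is not dataworks.<region>.aliyuncs.com")
    if seen.get("--user-agent") != ["AlibabaCloud-Agent-Skills"]:
        problems.append("--user-agent is not AlibabaCloud-Agent-Skills")
    if seen.get("--read-timeout") != ["4"] or seen.get("--connect-timeout") != ["4"]:
        problems.append("read and connect timeouts are not both 4")
    if op == "CreateProject" and seen.get("--DevEnvironmentEnabled") != ["true"]:
        problems.append("CreateProject lacks --DevEnvironmentEnabled true")
    return problems


if __name__ == "__main__":
    # Constructed sample commands (not from a real session).
    for cmd in ("aliyun dataworks-public DeleteProject --Id 12345",
                "aliyun dataworks-public ListProjects --region cn-hangzhou"):
        print(check_command(cmd), "<-", cmd)
```

Execute an accepted command as an argument list (the shlex.split output passed to subprocess.run without shell=True), so that tokens the check ignores are never interpreted by a shell.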


RAM Permission Policies

Using this Skill requires the following RAM permissions. For details, see references/ram-policies.md

Permission | Description
dataworks:CreateProject | Create workspace
dataworks:GetProject | Query workspace details
dataworks:ListProjects | Query workspace list
dataworks:CreateProjectMember | Add workspace member
dataworks:GrantMemberProjectRoles | Grant member role
dataworks:GetProjectMember | Query member details
dataworks:ListProjectMembers | Query member list
dataworks:GetProjectRole | Query role details
dataworks:ListProjectRoles | Query role list
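
A RAM policy intended for this Skill can be compared against the nine permissions listed above and the four prohibited operations before it is attached. The audit below is an added example, not part of the skill; audit_policy is a hypothetical helper, the sample policy is constructed, and wildcard matching is assumed to be case-insensitive.

```python
"""Added example: audit a RAM policy against the skill's permission list."""
# audit_policy() is a hypothetical helper. Assumption: action matching is
# case-insensitive and '*' / '?' are wildcards (the conservative reading).
import json
from fnmatch import fnmatchcase

REQUIRED = ["dataworks:" + a for a in (
    "CreateProject", "GetProject", "ListProjects", "CreateProjectMember",
    "GrantMemberProjectRoles", "GetProjectMember", "ListProjectMembers",
    "GetProjectRole", "ListProjectRoles")]
PROHIBITED = ["dataworks:" + a for a in (
    "UpdateProject", "DeleteProject", "DeleteProjectMember",
    "RevokeMemberProjectRoles")]


def _listify(value):
    """A policy may hold a single item where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json: str) -> dict:
    """Classify what the Allow statements of a policy document grant."""
    report = {"prohibited": [], "out_of_scope": [], "missing": []}
    granted = []
    for stmt in _listify(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; not evaluated here
        if "NotAction" in stmt:
            report["out_of_scope"].append("NotAction statement")
        granted += _listify(stmt.get("Action"))

    required_lc = {a.lower() for a in REQUIRED}
    for pattern in granted:
        hits = [a for a in PROHIBITED if fnmatchcase(a.lower(), pattern.lower())]
        if hits:
            report["prohibited"].append(f"{pattern} grants {', '.join(hits)}")
        elif pattern.lower() not in required_lc:
            report["out_of_scope"].append(pattern)  # wildcard or unrelated action
    report["missing"] = [
        a for a in REQUIRED
        if not any(fnmatchcase(a.lower(), g.lower()) for g in granted)]
    return report


# Constructed policy document for illustration only.
SAMPLE_POLICY = """{
  "Version": "1",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["dataworks:CreateProject", "dataworks:GetProject",
               "dataworks:ListProjects", "dataworks:UpdateProject",
               "dataworks:List*"],
    "Resource": "*"
  }]
}"""

if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE_POLICY), indent=2))
```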

Core Workflows

1. Workspace Lifecycle Management

1.1 Create Workspace

aliyun dataworks-public CreateProject \
  --Name <workspace-name> \
  --DisplayName "<display-name>" \
  --Description "<workspace-description>" \
  --PaiTaskEnabled true \
  --DevEnvironmentEnabled true \
  --DevRoleDisabled false \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills \
  --read-timeout 4 --connect-timeout 4

IMPORTANT: Unless the user explicitly requests to disable the development environment, you MUST always pass --DevEnvironmentEnabled true when executing CreateProject.

1.2 Query Workspace List

# Query all workspaces
aliyun dataworks-public ListProjects \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

# Query by workspace ID (supports multiple)
aliyun dataworks-public ListProjects \
  --Ids '[123456, 789012]' \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

# Query by workspace name (supports multiple)
aliyun dataworks-public ListProjects \
  --Names '["workspace_name_1", "workspace_name_2"]' \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

# Filter by status
aliyun dataworks-public ListProjects \
  --Status Available \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

# Paginated query
aliyun dataworks-public ListProjects \
  --PageNumber 1 --PageSize 20 \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

Supported Filter Parameters:

Parameter | Type | Description
--Ids | JSON Array | Workspace ID list, for querying specific workspaces
--Names | JSON Array | Workspace name list, for querying specific workspaces
--Status | String | Workspace status: Available/Initializing/InitFailed/Forbidden/Deleting/DeleteFailed/Frozen/Updating/UpdateFailed
--DevEnvironmentEnabled | Boolean | Whether development environment is enabled
--DevRoleDisabled | Boolean | Whether development role is disabled
--PaiTaskEnabled | Boolean | Whether PAI task scheduling is enabled
--AliyunResourceGroupId | String | Resource group ID
--PageNumber | Integer | Page number, default 1
--PageSize | Integer | Items per page, default 10, max 100

1.3 Query Workspace Details

aliyun dataworks-public GetProject \
  --Id <project-id> \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

2. Member Role Management

2.1 Add Workspace Member and Grant Roles

aliyun dataworks-public CreateProjectMember \
  --ProjectId <project-id> \
  --UserId <user-id> \
  --RoleCodes '["role_project_dev", "role_project_pe"]' \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

2.2 Query Workspace Member List

aliyun dataworks-public ListProjectMembers \
  --ProjectId <project-id> \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

2.3 Query Member Details

aliyun dataworks-public GetProjectMember \
  --ProjectId <project-id> \
  --UserId <user-id> \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

2.4 Grant Member New Roles

aliyun dataworks-public GrantMemberProjectRoles \
  --ProjectId <project-id> \
  --UserId <user-id> \
  --RoleCodes '["role_project_admin", "role_project_dev"]' \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

3. Role Management

3.1 Query Workspace Role List

aliyun dataworks-public ListProjectRoles \
  --ProjectId <project-id> \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

3.2 Query Role Details

aliyun dataworks-public GetProjectRole \
  --ProjectId <project-id> \
  --Code <role-code> \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

Preset Role Description

Role Code | Role Name | Description
role_project_owner | Project Owner | Has all workspace permissions, cannot be removed
role_project_admin | Workspace Admin | Manages all workspace configurations and members
role_project_dev | Developer | Data development and task debugging permissions
role_project_pe | Operator | Task operations and monitoring permissions
role_project_deploy | Deployer | Task publishing permissions
role_project_guest | Guest | Read-only permissions
role_project_security | Security Admin | Data security configuration permissions

Verification Methods

For verification steps after successful execution, see references/verification-method.md


API and Command Reference

For the complete list of APIs and CLI commands, see references/related-apis.md


Business Scenarios and Handling

Scenario 1: Access After Creating Workspace

After a workspace is successfully created, it can be accessed via the following URL:

https://dataworks.data.aliyun.com/{regionId}/sc?defaultProjectId={projectId}

Example (Hangzhou region):

https://dataworks.data.aliyun.com/cn-hangzhou/sc?defaultProjectId=12345

Scenario 2: Adding RAM Role as Workspace Member

UserId Format Description:

Account Type | UserId Format | Example
Alibaba Cloud Account (Main) | Use UID directly | 123456789012345678
RAM Sub-account | Use UID directly | 234567890123456789
RAM Role | Add ROLE_ prefix | ROLE_345678901234567890

Important Limitation: Newly created RAM roles cannot be directly added as workspace members via API. They need to be refreshed and synced in the console first.

Steps:

  1. Visit workspace console: https://dataworks.data.aliyun.com/{regionId}/sc?defaultProjectId={projectId}
  2. Go to Workspace Members and Roles page
  3. Click Add Member button
  4. In the popup, click Refresh in the prompt "You can go to RAM console to create a sub-account, and click refresh to sync to this page"
  5. After sync is complete, you can add the RAM role as a member via API

# Example of adding RAM role member
aliyun dataworks-public CreateProjectMember \
  --ProjectId 12345 \
  --UserId ROLE_345678901234567890 \
  --RoleCodes '["role_project_dev"]' \
  --region <region-id> \
  --endpoint dataworks.<region-id>.aliyuncs.com \
  --user-agent AlibabaCloud-Agent-Skills

Scenario 3: Workspace Configuration Update Limitations

When using the UpdateProject API to update workspace configuration, there are the following limitations:

Configuration | Limitation
Development Role (DevRoleDisabled) | Once development role is enabled, cannot be disabled
Development Environment (DevEnvironmentEnabled) | Once development environment is enabled, cannot be disabled

Recommendation: Plan development role and development environment configurations carefully when creating a workspace, as these configurations cannot be reverted once enabled.

Scenario 3.1: Workspace Upgrade Blocking

⛔ Blocking Rule: When a user requests to upgrade a workspace from simple mode to standard mode (enable development environment), the request must be blocked with the following prompt:

"Workspace upgrade capability is currently not available. Please go to the console to complete the upgrade manually."

Console Upgrade Path:

  1. Visit DataWorks Console: https://dataworks.console.aliyun.com/
  2. Find the target workspace
  3. Go to Workspace Configuration > Basic Properties
  4. Click Upgrade to Standard Mode

API Limitation Reason: Workspace mode upgrade involves complex operations such as environment isolation configuration and resource initialization. Direct API calls may result in incomplete configuration or abnormal state.

Scenario 4: DataWorks Service Not Enabled

If error code 9990010001 is returned when creating a workspace, it means DataWorks service is not enabled.

Solution:

  1. Log in to Alibaba Cloud official website
  2. Visit DataWorks Console: https://dataworks.console.aliyun.com/
  3. Follow the prompts to complete service activation
  4. After activation, retry the workspace creation operation

Best Practices

  1. Principle of Least Privilege — Assign members the minimum necessary permissions
  2. Use Standard Mode — For production environments, use standard mode to achieve development and production isolation
  3. Standardized Naming — Use meaningful naming, such as finance_tax_report
  4. Use RAM Users — Do not use the main account for daily operations

Reference Links

Document | Description
references/related-apis.md | Complete list of APIs and CLI commands
references/ram-policies.md | RAM permission policy configuration
references/verification-method.md | Operation verification methods
references/acceptance-criteria.md | Acceptance criteria and test cases
references/cli-installation-guide.md | CLI installation and configuration guide

Official Documentation

Security usage recommendations
This skill appears to implement DataWorks workspace management via the official Aliyun CLI, but review before installing:

  1. The skill needs your Alibaba Cloud credentials (via environment variables, ~/.aliyun/config.json, or an ECS role) even though the registry metadata lists none — only install it if you understand which credentials the agent will use.
  2. Use a dedicated RAM user with the minimum DataWorks permissions (member management + read + create as needed); avoid root account keys and avoid granting UpdateProject/DeleteProject/DeleteProjectMember/RevokeMemberProjectRoles.
  3. Be cautious about running the suggested installer commands (the docs use curl | bash) — verify downloads and prefer package manager installs if possible.
  4. Note a documentation inconsistency: a sample 'Create Custom Policy' in references/ram-policies.md includes dataworks:UpdateProject (a prohibited action). Before using the skill, correct that policy example (remove prohibited actions) and confirm the exact RAM policy you will grant.
  5. If you want stronger safety, run the CLI commands yourself (not via the agent) or provide the agent only temporary, narrowly scoped STS credentials and audit activity.

Functional analysis
Type: OpenClaw Skill
Name: alibabacloud-dataworks-workspace-manage
Version: 0.0.2
The skill bundle provides a well-documented and security-conscious interface for managing Alibaba Cloud DataWorks workspaces via the Aliyun CLI. It features explicit 'Prohibited Operations' sections in SKILL.md and multiple reference files to prevent the AI agent from performing destructive actions like deleting or updating projects, even if requested by a user. The instructions prioritize security best practices such as using the default credential chain, avoiding hardcoded secrets, and adhering to the principle of least privilege. All external resources, including CLI installation scripts and API endpoints, point to official Alibaba Cloud domains (e.g., aliyuncs.com, alicdn.com).
Capability assessment
Purpose & Capability
Name and description match the content: all files focus on DataWorks workspace creation, queries, and member role assignments. Requiring the Aliyun CLI to perform these actions is coherent. However, the skill metadata claims no required env vars or config paths while the runtime docs repeatedly reference ~/.aliyun/config.json, environment variables (ALIBABA_CLOUD_*), and credential configuration — an undeclared but required dependency (implicit credential access) that should have been declared in metadata.
Instruction Scope
The SKILL.md instructs using the Aliyun CLI and to rely on the default credential chain (env vars, config file, ECS role). It also explicitly forbids generating CLI commands for certain high-risk operations (UpdateProject, DeleteProject, DeleteProjectMember, RevokeMemberProjectRoles). However, there are conflicting bits: installation/config docs include examples showing AK/SK configuration and a 'Create Custom Policy' example (in references/ram-policies.md) that unexpectedly contains dataworks:UpdateProject (a prohibited operation). This contradiction could lead operators to grant permissions the skill says it must never use. The instructions also require setting request-level parameters (User-Agent, 4s timeout, explicit endpoint) that an agent may not be able to enforce consistently.
Install Mechanism
The registry contains no formal install spec (instruction-only), which is low-risk. The included CLI installation instructions advise downloading from aliyuncli.alicdn.com and show curl | bash and wget + tar flows — those are standard official installers hosted on Alibaba's CDN, but download-and-exec patterns (curl | bash) are inherently higher-risk if users don't verify the source. No third-party or obfuscated URLs are used.
Credentials
The skill metadata declares no required env vars or config paths, yet the docs rely on credentials via the Aliyun default credential chain (environment variables like ALIBABA_CLOUD_ACCESS_KEY_ID/SECRET, ~/.aliyun/config.json, or ECS RAM role). That implicit access to sensitive credentials is not declared. Also, example guidance shows how to configure AK/SK and environment variables, increasing the chance that users will provide long-lived keys; the skill should have declared credential needs explicitly and recommended least-privilege (RAM policies) rather than providing conflicting policy examples.
Persistence & Privilege
The skill is instruction-only, always:false, does not request permanent platform-level presence, and does not modify other skills. It does advise setting `aliyun configure set --auto-plugin-install true`, which modifies the user's CLI config (plugin auto-install behavior) but is scoped to the CLI and not to the agent platform. No 'always: true' or other elevated platform privileges are requested.
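How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install alibabacloud-dataworks-workspace-manage
  3. After installation, invoke the Skill by name or trigger it with /alibabacloud-dataworks-workspace-manage
  4. Provide the required inputs according to the Skill's parameter descriptions to get structured output
Version history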
v0.0.2
Major change: Strict prohibition of destructive operations and reduced permitted scope.
  • Permanently forbids all destructive operations: workspace update, workspace deletion, member removal, and role revocation—these must never be performed or suggested under any circumstances.
  • Skill is now limited to creating workspaces, querying workspace and member information, adding members, and granting roles.
  • Added an explicit prohibition section and redirect instructions for unsupported operations.
  • Updated command/parameter rules to enforce these restrictions and clarified required behaviors.
  • Documentation and RAM policy references updated to reflect the narrowed skill capabilities.
v0.0.1
Initial release — provides full lifecycle management for Alibaba Cloud DataWorks workspaces.
  • Create, update, query, and delete DataWorks workspaces using Aliyun CLI.
  • Manage workspace members: add, remove, and assign or revoke roles.
  • Enforce explicit parameter confirmation for all user-customizable values (e.g., region, workspace name, roles).
  • Requires Aliyun CLI v3.3.1+, proper credentials, and DataWorks service activation before use.
  • Detailed sample CLI commands and configuration instructions included.
Metadata
Slug alibabacloud-dataworks-workspace-manage
Version 0.0.2
License MIT-0
Total installs 0
Current installs 0
Versions 2
Frequently asked questions

What is Alibabacloud Dataworks Workspace Manage?

DataWorks Workspace Lifecycle Management Skill. Used for creating workspaces, querying workspace information, and adding workspace members with role authoriz... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 115 total downloads to date.

How do I install Alibabacloud Dataworks Workspace Manage?

Run the command "/install alibabacloud-dataworks-workspace-manage" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Alibabacloud Dataworks Workspace Manage free?

Yes. Alibabacloud Dataworks Workspace Manage is completely free, is released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does Alibabacloud Dataworks Workspace Manage support?

Alibabacloud Dataworks Workspace Manage is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Alibabacloud Dataworks Workspace Manage?

It is developed and maintained by alibabacloud-skills-team (@sdk-team); the current version is v0.0.2.
