← 返回 Skills 市场
sdk-team

Alibabacloud Ecs Diagnose

作者 alibabacloud-skills-team · GitHub ↗ · v0.0.1 · MIT-0
cross-platform ⚠ suspicious
125
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install alibabacloud-ecs-diagnose
功能描述
Comprehensive Alibaba Cloud ECS instance diagnostics skill. Performs systematic troubleshooting including cloud platform status checks and GuestOS internal d...
使用说明 (SKILL.md)

ECS Instance Diagnostics Skill

You are a professional operations diagnostics assistant responsible for systematic troubleshooting of Alibaba Cloud ECS instances. Follow the two-level diagnostic workflow (Basic + Deep) strictly.

Scenario Description

This skill provides comprehensive diagnostics for Alibaba Cloud ECS instances experiencing operational issues. It combines cloud platform-side monitoring and inspection with optional in-depth guest OS diagnostics via Cloud Assistant.

Architecture: ECS + VPC + Security Group + Cloud Monitor (CMS) + Cloud Assistant

Use Cases:

  • Instance unreachable / inaccessible
  • SSH connection timeout or refused
  • Instance performance degradation / lag
  • Disk space exhaustion
  • Network connectivity issues / high latency
  • Abnormal instance status (Stopped, Locked, etc.)
  • High CPU / memory utilization
  • System event alerts

Prerequisites

Pre-check: Aliyun CLI >= 3.3.1 required Run aliyun version to verify >= 3.3.1. If not installed or version too low, see references/cli-installation-guide.md for installation instructions. Then [MUST] run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.

Pre-check: Alibaba Cloud Credentials Required

Security Rules:

  • NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
  • NEVER ask the user to input AK/SK directly in the conversation or command line
  • NEVER use aliyun configure set with literal credential values
  • ONLY use aliyun configure list to check credential status
aliyun configure list

Check the output for a valid profile (AK, STS, or OAuth identity).

If no valid profile exists, STOP here.

  1. Obtain credentials from Alibaba Cloud Console
  2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
  3. Return and re-run after aliyun configure list shows a valid profile

CLI Command Standards

[MUST] Before executing any CLI command, read references/related-commands.md for command format standards.

Key Rules:

  • Use kebab-case command names: run-command (not RunCommand)
  • Region parameter varies by command type:
    • Cloud Assistant commands: --biz-region-id
    • All other commands: --region-id
  • Instance ID format varies: --instance-id.1, --instance-ids '["..."]', or --instance-id
  • Always include --user-agent AlibabaCloud-Agent-Skills

Required Permissions

This skill requires the following RAM permissions:

  • ecs:DescribeInstances
  • ecs:DescribeInstanceAttribute
  • ecs:DescribeInstanceStatus
  • ecs:DescribeInstancesFullStatus
  • ecs:DescribeSecurityGroupAttribute
  • ecs:DescribeInstanceHistoryEvents
  • vpc:DescribeVpcs
  • vpc:DescribeEipAddresses
  • cms:DescribeMetricLast
  • ecs:RunCommand (for Deep Diagnostics)
  • ecs:DescribeInvocationResults (for Deep Diagnostics)

See references/ram-policies.md for detailed policy configuration.

[MUST] Permission Failure Handling: When any command or API call fails due to permission errors at any point during execution, follow this process:

  1. Read references/ram-policies.md to get the full list of permissions required by this SKILL
  2. Use ram-permission-diagnose skill to guide the user through requesting the necessary permissions
  3. Pause and wait until the user confirms that the required permissions have been granted

Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, instance names, instance IDs, IP addresses, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

Parameter Name Required/Optional Description Default Value
InstanceId Required ECS instance ID to diagnose N/A
RegionId Required Region where the instance is located N/A
InstanceName Optional Instance name (alternative to InstanceId) N/A
PrivateIpAddress Optional Private IP (alternative to InstanceId) N/A
PublicIpAddress Optional Public IP (alternative to InstanceId) N/A

Scenario-Based Routing

IMPORTANT: Before starting diagnostics, identify the problem scenario and follow the appropriate diagnostic approach.

CRITICAL: The diagnostic workflow document MUST be read BEFORE executing any diagnostic commands. This is not optional — skip this step will result in incorrect diagnosis.

Based on the user's problem description, route to the appropriate diagnostic approach:

Problem Scenario Trigger Keywords Diagnostic Approach
Remote Connection Failure / Service Inaccessible "cannot connect", "SSH timeout", "RDP failure", "connection refused", "port unreachable", "website inaccessible", "service unavailable", "HTTP/HTTPS not working", "workbench" STEP 1: Read references/remote-connection-diagnose-design.md \x3Cbr> STEP 2: Follow its layered diagnostic model (Layer 1 → Layer 2 → Layer 3 → Layer 4) in strict order \x3Cbr> DO NOT skip any layer or jump directly to GuestOS diagnostics
Performance Issues "slow", "lag", "high CPU", "high memory", "unresponsive" STEP 1: Read references/generic-diagnostics-workflow.md \x3Cbr> STEP 2: Follow the workflow in order
Disk Issues "disk full", "cannot write", "storage exhausted" STEP 1: Read references/generic-diagnostics-workflow.md \x3Cbr> STEP 2: Follow the workflow in order
Instance Status Abnormal "stopped", "locked", "expired", "system event" STEP 1: Read references/generic-diagnostics-workflow.md \x3Cbr> STEP 2: Follow the workflow in order

Diagnostic Report Output Format

After completing diagnostics, output a report with these sections:

================== ECS Diagnostic Report ==================
【Basic Information】Instance ID, Name, Status, OS, IPs, Time
【Basic Diagnostics】Instance Status, System Events, Security Group, Network, Metrics
【Deep Diagnostics】System Load, Disk, Network, Logs, Processes
【Issue Summary】List all discovered issues
【Recommendations】Specific remediation steps
【Risk Warnings】Security risks requiring attention
===========================================================

Success Verification Method

See references/verification-method.md for detailed verification steps for each diagnostic stage.

Cleanup

This diagnostic skill does not create any cloud resources and therefore requires no cleanup operations.

Best Practices

  1. Basic Diagnostics first - Cloud platform checks can quickly locate most issues (~80%)
  2. Deep Diagnostics requires confirmation - Always get user approval before executing system commands
  3. Security group focus - ~70% of connectivity issues stem from security group misconfigurations
  4. Windows adaptation - Use PowerShell commands and RunPowerShellScript type for Windows instances
  5. Security awareness - Report mining processes, abnormal connections immediately; never expose AK/SK

Reference Links

Document Description
Related Commands CLI command standards and all commands reference
RAM Policies Required RAM permissions list
Verification Method Success verification method for each step
CLI Installation Guide Aliyun CLI installation instructions
Acceptance Criteria Skill testing acceptance criteria
Remote Connection Diagnose Design Specialized diagnostic design for remote connection and service access issues
Generic Diagnostics Workflow Standard two-level diagnostic workflow for general ECS issues

Notes

  1. Prioritize read-only APIs; avoid operations that modify instance state.
  2. On API failure, log error and continue with subsequent diagnostics.
  3. Sensitive information (AccessKey, passwords) must never appear in reports.
安全使用建议
This skill is a coherent ECS diagnostics playbook, but take these precautions before enabling it: 1) Confirm you have Aliyun CLI >= 3.3.1 available — the metadata omits this requirement but SKILL.md depends on it. 2) Do not give broad account credentials; instead create a RAM role/user scoped to the minimum actions needed. For deep diagnostics, grant ecs:RunCommand only to a narrowly scoped resource/instance list and prefer temporary STS tokens or an ECS instance role. 3) Review and tighten the example policy: avoid Resource:"*" if you can restrict it to the instances you will diagnose. 4) Require an explicit user confirmation workflow in your usage policies for any command that mutates state (authorize-security-group, modify-instance-attribute, reboot). 5) If you need higher assurance, run the diagnostics first in a staging account or with a least-privilege test user and verify the skill’s prompts and actions behave as documented. If you want, I can produce a least-privilege IAM policy template limited to a specific instance set and a checklist for safely granting ecs:RunCommand.
功能分析
Type: OpenClaw Skill Name: alibabacloud-ecs-diagnose Version: 0.0.1 The skill provides the agent with the capability to execute arbitrary shell and PowerShell scripts on Alibaba Cloud ECS instances via the Cloud Assistant (ecs:RunCommand), which is a high-risk capability. While this is aligned with the stated 'Deep Diagnostics' purpose and includes security guardrails like mandatory user confirmation and prohibitions on credential logging, the broad RAM permissions (Resource: '*') and the ability to modify security group rules (potentially opening ports to 0.0.0.0/0) warrant a suspicious classification. The diagnostic logic and command standards are documented across SKILL.md, references/related-commands.md, and references/ram-policies.md.
能力评估
Purpose & Capability
The skill's name/description match the instructions: it performs Alibaba Cloud ECS diagnostics using the Aliyun CLI and Cloud Assistant. However, the registry metadata claims no required binaries or credentials while SKILL.md explicitly requires Aliyun CLI >= 3.3.1 and an authenticated Alibaba Cloud profile. That metadata omission is an inconsistency the user should be aware of.
Instruction Scope
SKILL.md contains explicit, detailed CLI command sequences for read-only checks and 'Deep Diagnostics' that run remote commands via Cloud Assistant (ecs:RunCommand / describe-invocation-results). It also provides commands that change state (authorize/revoke security-group rules, modify-instance-attribute, start/reboot instances). The skill demands user confirmation for any parameterized or mutating action, which is good practice, but the ability to run arbitrary commands on guest OS is powerful and can access sensitive system data if granted.
Install Mechanism
Instruction-only skill: there is no install spec and no code files to be downloaded or executed locally, which reduces installation risk. Runtime use depends on the user's Aliyun CLI and environment rather than the skill installing binaries.
Credentials
The skill requests (in documentation) broad RAM permissions including ecs:RunCommand and uses Resource "*" in example policies. The registry metadata declares no required env vars or primary credential, which contradicts SKILL.md's explicit requirement that a configured Alibaba Cloud profile (AK/STs/OAuth/ECS role) be available. Granting ecs:RunCommand and modification actions gives the agent the ability to execute arbitrary commands on instances — a high-privilege capability that should be limited to narrowly scoped roles and audited.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does not include an installer that modifies other skills or global settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install alibabacloud-ecs-diagnose
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /alibabacloud-ecs-diagnose 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
Initial release: Systematic ECS instance diagnostics for Alibaba Cloud. - Provides a two-level diagnostic workflow (Basic + Deep) for ECS operational issues. - Covers scenarios like server connectivity failure, SSH timeout, instance lag, disk full, high CPU/memory, status anomalies, and system events. - Requires explicit user confirmation for all customizable parameters. - Integrates cloud platform and GuestOS diagnostics via Cloud Assistant. - Enforces strict credential and permission handling for secure operations. - Outputs a structured diagnostic report with issue summary and recommendations.
元数据
Slug alibabacloud-ecs-diagnose
版本 0.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Alibabacloud Ecs Diagnose 是什么?

Comprehensive Alibaba Cloud ECS instance diagnostics skill. Performs systematic troubleshooting including cloud platform status checks and GuestOS internal d... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 125 次。

如何安装 Alibabacloud Ecs Diagnose?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install alibabacloud-ecs-diagnose」即可一键安装,无需额外配置。

Alibabacloud Ecs Diagnose 是免费的吗?

是的,Alibabacloud Ecs Diagnose 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Alibabacloud Ecs Diagnose 支持哪些平台?

Alibabacloud Ecs Diagnose 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Alibabacloud Ecs Diagnose?

由 alibabacloud-skills-team(@sdk-team)开发并维护,当前版本 v0.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 留言讨论