← 返回 Skills 市场
1108
总下载
0
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install alicloud-compute-swas-open
功能描述
Manage Alibaba Cloud Simple Application Server (SWAS OpenAPI 2020-06-01) resources end-to-end. Use for querying instances, starting/stopping/rebooting, execu...
使用说明 (SKILL.md)
Category: service
Simple Application Server (SWAS-OPEN 2020-06-01)
Use SWAS-OPEN OpenAPI to manage full SAS resources: instances, disks, snapshots, images, key pairs, firewall, Cloud Assistant, monitoring, tags, and lightweight databases.
Prerequisites
- Prepare AccessKey with least-privilege RAM user/role.
- Choose correct region and matching endpoint (public/VPC).
ALICLOUD_REGION_IDcan be used as default region; if unset choose the most reasonable region, ask user if unclear. - This OpenAPI uses RPC signing; prefer Python SDK or OpenAPI Explorer instead of manual signing.
SDK Priority
- Python SDK (preferred)
- OpenAPI Explorer
- Other SDKs
Python SDK quick query (instance ID / IP / plan)
Virtual environment is recommended (avoid PEP 668 system install restrictions).
python3 -m venv .venv
. .venv/bin/activate
python -m pip install alibabacloud_swas_open20200601 alibabacloud_tea_openapi alibabacloud_credentials
import os
from alibabacloud_swas_open20200601.client import Client as SwasClient
from alibabacloud_swas_open20200601 import models as swas_models
from alibabacloud_tea_openapi import models as open_api_models
def create_client(region_id: str) -> SwasClient:
config = open_api_models.Config(
region_id=region_id,
endpoint=f"swas.{region_id}.aliyuncs.com",
)
ak = os.getenv("ALICLOUD_ACCESS_KEY_ID") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
sk = os.getenv("ALICLOUD_ACCESS_KEY_SECRET") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
if ak and sk:
config.access_key_id = ak
config.access_key_secret = sk
return SwasClient(config)
def list_regions():
client = create_client("cn-hangzhou")
resp = client.list_regions(swas_models.ListRegionsRequest())
return [r.region_id for r in resp.body.regions]
def list_instances(region_id: str):
client = create_client(region_id)
resp = client.list_instances(swas_models.ListInstancesRequest(region_id=region_id))
return resp.body.instances
def main():
for region_id in list_regions():
for inst in list_instances(region_id):
ip = getattr(inst, "public_ip_address", None) or getattr(inst, "inner_ip_address", None)
spec = getattr(inst, "plan_name", None) or getattr(inst, "plan_id", None)
print(inst.instance_id, ip or "-", spec or "-", region_id)
if __name__ == "__main__":
main()
Python SDK scripts (recommended for inventory and summary)
- All-region instance inventory (TSV/JSON):
scripts/list_instances_all_regions.py - Count instances by plan:
scripts/summary_instances_by_plan.py - Count instances by status:
scripts/summary_instances_by_status.py - Fix SSH key-based access (custom port supported):
scripts/fix_ssh_access.py - Get current SSH port of an instance:
scripts/get_ssh_port.py
CLI Notes
aliyunCLI may not exposeswas-openas product name; prefer Python SDK. If CLI is mandatory, generate request examples in OpenAPI Explorer first, then migrate to CLI.
Workflow
- Confirm resource type and region (instance/disk/snapshot/image/firewall/command/database/tag).
- Identify API group and operation in
references/api_overview.md. - Choose invocation method (Python SDK / OpenAPI Explorer / other SDK).
- After mutations, verify state/results with query APIs.
Common Operation Map
- Instance query/start/stop/reboot:
ListInstances、StartInstance(s)、StopInstance(s)、RebootInstance(s) - Command execution:
RunCommandorCreateCommand+InvokeCommand; useDescribeInvocations/DescribeInvocationResult - Firewall:
ListFirewallRules/CreateFirewallRule(s)/ModifyFirewallRule/EnableFirewallRule/DisableFirewallRule - Snapshot/disk/image:
CreateSnapshot、ResetDisk、CreateCustomImageetc.
Cloud Assistant Execution Notes
- Target instance must be in Running state.
- Cloud Assistant agent must be installed (use
InstallCloudAssistant). - For PowerShell commands, ensure required modules are available on Windows instances.
- After execution, use
DescribeInvocationsorDescribeInvocationResultto fetch status and outputs.
See references/command-assistant.md for details.
Clarifying questions (ask when uncertain)
- What is the target region? Is VPC endpoint required?
- What are target instance IDs? Are they currently Running?
- What command/script type/timeout is needed? Linux or Windows?
- Do you need batch execution or scheduled execution?
Output Policy
If you need to save results or responses, write to:
output/compute-swas-open/
Validation
mkdir -p output/alicloud-compute-swas-open
for f in skills/compute/swas/alicloud-compute-swas-open/scripts/*.py; do
python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-compute-swas-open/validate.txt
Pass criteria: command exits 0 and output/alicloud-compute-swas-open/validate.txt is generated.
Output And Evidence
- Save artifacts, command outputs, and API response summaries under
output/alicloud-compute-swas-open/. - Include key parameters (region/resource id/time range) in evidence files for reproducibility.
Prerequisites
- Configure least-privilege Alibaba Cloud credentials before execution.
- Prefer environment variables:
ALICLOUD_ACCESS_KEY_ID,ALICLOUD_ACCESS_KEY_SECRET, optionalALICLOUD_REGION_ID. - If region is unclear, ask the user before running mutating operations.
Workflow
- Confirm user intent, region, identifiers, and whether the operation is read-only or mutating.
- Run one minimal read-only query first to verify connectivity and permissions.
- Execute the target operation with explicit parameters and bounded scope.
- Verify results and save output/evidence files.
References
- API overview and operation groups:
references/api_overview.md - Endpoints and integration:
references/endpoints.md - Cloud Assistant highlights:
references/command-assistant.md - Official source list:
references/sources.md
安全使用建议
This skill appears to do what it says (manage Alibaba SWAS) and the included scripts match the documentation, but take these precautions before installing or running it:
- Credentials: The registry metadata does not declare required env vars, but the code and SKILL.md expect ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET (and optionally a security token and ALICLOUD_REGION_ID). Only provide least-privilege RAM credentials needed for intended operations; prefer temporary STS tokens where possible.
- Review scripts locally: fix_ssh_access modifies /etc/ssh/sshd_config (enabling PermitRootLogin yes and PubkeyAuthentication) and appends a public key to authorized_keys. That is a powerful mutating action — confirm target instance IDs and the exact public key before running. Ensure the script's --pubkey argument points to a public key file, not a private key.
- Start with read-only operations: run list_instances_all_regions.py and the summary scripts first to verify credentials and scope before running any mutating actions or RunCommand invocations.
- Confirm region/endpoints: SKILL.md instructs choosing the correct region and endpoint (public vs VPC). If unsure, the agent should ask you before mutating operations.
- Source trust: the skill's source is listed as unknown. If you require stronger assurance, ask the author/maintainer for provenance or run the scripts in a controlled environment first.
If you are comfortable reviewing the code and using least-privilege credentials, the skill is coherent with its purpose; otherwise treat it as untrusted until provenance and credential requirements are clarified.
功能分析
Type: OpenClaw Skill
Name: alicloud-compute-swas-open
Version: 1.0.2
The skill bundle provides tools for managing Alibaba Cloud Simple Application Server (SWAS) resources, including a script `scripts/fix_ssh_access.py` that performs remote command execution (RCE) via the Alibaba Cloud Assistant. This script modifies critical security configurations on remote instances, such as enabling 'PermitRootLogin' and injecting SSH keys into the authorized_keys file. While these actions are consistent with the stated administrative purpose, the inclusion of scripts that facilitate remote security weakening and arbitrary shell execution on cloud instances constitutes a high-risk capability.
能力评估
Purpose & Capability
Name/description (manage SWAS resources) align with the included scripts and SKILL.md: the package provides SDK examples and scripts to list instances, summarize inventory, query SSH port, and run a 'fix ssh access' operation via the SWAS RunCommand API. However, the registry metadata declares no required environment variables or primary credential, while both SKILL.md and all scripts expect Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optional security token and region). This omission is an inconsistency that should be corrected but does not by itself indicate malicious intent.
Instruction Scope
SKILL.md and the reference docs focus on SWAS operations (list, start/stop, command execution, firewall, snapshots, etc.). The runtime instructions and scripts only interact with the Alibaba Cloud SWAS API and instance RunCommand invocation; they do not exfiltrate data to unknown external endpoints. Note: some scripts will execute commands on target instances (fix_ssh_access modifies /etc/ssh/sshd_config and authorized_keys), which is within the stated scope but is a privileged, mutating operation and should be used with user confirmation.
Install Mechanism
There is no install spec (instruction-only for dependencies). The skill includes Python scripts that rely on the official alibabacloud Python SDK packages (alibabacloud_swas_open20200601, alibabacloud_tea_openapi, alibabacloud_credentials) referenced in SKILL.md. No downloads from arbitrary URLs or other high-risk install behavior are present.
Credentials
The metadata lists no required env vars or primary credential, but SKILL.md and every script call os.getenv for ALICLOUD_ACCESS_KEY_ID / ALIBABA_CLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET / ALIBABA_CLOUD_ACCESS_KEY_SECRET, and optionally ALICLOUD_SECURITY_TOKEN. The skill legitimately needs Alibaba Cloud credentials to function; the omission in the registry metadata is an inconsistency that affects user understanding of what secrets will be required. Also, fix_ssh_access reads a local path defaulting to '~/.ssh/id_ed25519.pub' — it reads a public key file (not private key), which is reasonable but users should verify the path.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request permanent presence or attempt to modify other skills or system-wide agent settings. It will invoke API calls and RunCommand on instances, which are normal for this purpose.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install alicloud-compute-swas-open - 安装完成后,直接呼叫该 Skill 的名称或使用
/alicloud-compute-swas-open触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
batch publish from alicloud-skills on 2026-03-11
v1.0.1
Initial ClawHub publish for Alibaba Cloud skills with agents metadata.
v1.0.0
Initial ClawHub publish for Alibaba Cloud skills with agents metadata.
元数据
常见问题
Alicloud Compute Swas Open 是什么?
Manage Alibaba Cloud Simple Application Server (SWAS OpenAPI 2020-06-01) resources end-to-end. Use for querying instances, starting/stopping/rebooting, execu... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1108 次。
如何安装 Alicloud Compute Swas Open?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install alicloud-compute-swas-open」即可一键安装,无需额外配置。
Alicloud Compute Swas Open 是免费的吗?
是的,Alicloud Compute Swas Open 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Alicloud Compute Swas Open 支持哪些平台?
Alicloud Compute Swas Open 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Alicloud Compute Swas Open?
由 cinience(@cinience)开发并维护,当前版本 v1.0.2。
推荐 Skills