← 返回 Skills 市场

Alicloud Security Cloudfw

Name: Alicloud Security Cloudfw
Author: cinience

作者 cinience · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

1178

总下载

当前安装

版本数

在 OpenClaw 中安装

/install alicloud-security-cloudfw

功能描述

Manage Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK. Use whenever the user requests firewall policy/resource operations, change management, status...

使用说明 (SKILL.md)

Category: service

Cloud Firewall

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Cloud Firewall.

Workflow

Confirm region, resource identifiers, and desired action.
Discover API list and required parameters (see references).
Call API with SDK or OpenAPI Explorer.
Verify results with describe/list APIs.

AccessKey priority (must follow)

Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
Shared config file: ~/.alibabacloud/credentials

API discovery

Product code: Cloudfw
Default API version: 2017-12-07
Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

Inventory/list: prefer List* / Describe* APIs to get current resources.
Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code \x3CProductCode> --version \x3CVersion>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/alicloud-security-cloudfw/

Validation

mkdir -p output/alicloud-security-cloudfw
for f in skills/security/firewall/alicloud-security-cloudfw/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-security-cloudfw/validate.txt

Pass criteria: command exits 0 and output/alicloud-security-cloudfw/validate.txt is generated.

Output And Evidence

Save artifacts, command outputs, and API response summaries under output/alicloud-security-cloudfw/.
Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

Configure least-privilege Alibaba Cloud credentials before execution.
Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
If region is unclear, ask the user before running mutating operations.

References

Sources: references/sources.md

安全使用建议

This skill appears to be a legitimate Alibaba Cloud Cloudfw helper, but there are transparency gaps you should address before installing or running it: - The SKILL.md expects ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and a ~/.alibabacloud/credentials file, yet the registry metadata declares no required credentials — ask the publisher to correct the metadata or explicitly confirm what credentials will be used. - Treat credentials cautiously: provide least-privilege keys (ideally read-only when you first test), and do not expose full admin keys unless you understand and trust the skill. - Because the instructions permit mutating API calls (Create/Update/Modify), require the skill to prompt for explicit user confirmation before performing any non-read-only operation. - The included script only fetches public API metadata from api.aliyun.com and is benign, but the agent runtime (per SKILL.md) may invoke SDKs that use credentials. Verify or request that the skill document a safe default (e.g., dry-run/read-only mode) and a clear confirmation step for changes. - Confirm where outputs will be saved (output/alicloud-security-cloudfw/) and avoid sharing those artifacts if they contain resource identifiers or timestamps you consider sensitive. - Because the source/homepage is unknown, consider reviewing the full skill code and SKILL.md locally, and run it first in an isolated environment with limited credentials. If the publisher updates the registry metadata to declare the required env vars/config paths and adds an explicit confirmation flow for mutating operations, that would increase confidence; until then, proceed cautiously.

功能分析

Type: OpenClaw Skill Name: alicloud-security-cloudfw Version: 1.0.3 The skill bundle is a legitimate tool for managing Alibaba Cloud Firewall (Cloudfw) via official OpenAPI metadata. The primary script, `scripts/list_openapi_meta_apis.py`, safely fetches API documentation from Alibaba Cloud's official metadata endpoint (api.aliyun.com) and saves it locally for the agent's reference, with no evidence of data exfiltration, malicious execution, or prompt injection.

能力评估

⚠ Purpose & Capability

The name/description match the code and SKILL.md: this is an Alibaba Cloud Cloudfw management helper. However, SKILL.md explicitly instructs use of ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and ~/.alibabacloud/credentials, yet the registry metadata declares no required env vars or config paths. That discrepancy is unexpected and reduces transparency about what privileges the skill will need at runtime.

⚠ Instruction Scope

The SKILL.md directs the agent to perform discovery, SDK/OpenAPI calls (including Create/Update/Modify operations) and to use credentials from env vars or the shared credentials file. The included script itself only fetches public API metadata, but the instructions explicitly authorize mutating operations and accessing credential sources (env vars, ~/.alibabacloud/credentials). Those file/env accesses are not reflected in the skill's declared requirements and could lead to credential use that the registry metadata doesn't make obvious.

✓ Install Mechanism

No install spec; the skill is instruction-first and ships a small Python script that fetches public metadata from api.aliyun.com and writes outputs to output/alicloud-security-cloudfw/. No archives or external installers are downloaded or executed.

⚠ Credentials

SKILL.md asks for Alibaba Cloud access key/secret and optional region and for reading the shared credentials file, but the skill metadata lists no required env vars or config paths. Requesting full access keys for a skill that could be used only for discovery is reasonable in some contexts, but the missing declaration is disproportionate and reduces user ability to enforce least privilege. The SKILL.md also instructs to include key parameters (region/resource id/time range) in output artifacts, which could leak sensitive identifiers if outputs are shared.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or system-wide settings. It writes outputs under its own output directory per the docs, which is normal. There is no install-time persistence mechanism.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install alicloud-security-cloudfw
安装完成后，直接呼叫该 Skill 的名称或使用 /alicloud-security-cloudfw 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

batch publish from alicloud-skills on 2026-03-11

v1.0.2

batch publish from alicloud-skills on 2026-02-13

v1.0.1

Initial ClawHub publish for Alibaba Cloud skills with agents metadata.

v1.0.0

Initial ClawHub publish for Alibaba Cloud skills with agents metadata.

元数据

Slug alicloud-security-cloudfw

版本 1.0.3

许可证 MIT-0

累计安装 2

当前安装数 2

历史版本数 4

常见问题