← 返回 Skills 市场

Alicloud Security Kms

Name: Alicloud Security Kms
Author: cinience

作者 cinience · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

1151

总下载

当前安装

版本数

在 OpenClaw 中安装

/install alicloud-security-kms

功能描述

Manage Alibaba Cloud Key Management Service (KMS) via OpenAPI/SDK. Use whenever the user needs key lifecycle/resource operations, policy/configuration change...

使用说明 (SKILL.md)

Category: service

Key Management Service

Validation

mkdir -p output/alicloud-security-kms
python -m py_compile skills/security/key-management/alicloud-security-kms/scripts/list_openapi_meta_apis.py && echo "py_compile_ok" > output/alicloud-security-kms/validate.txt

Pass criteria: command exits 0 and output/alicloud-security-kms/validate.txt is generated.

Output And Evidence

Save KMS API discovery outputs and operation results in output/alicloud-security-kms/.
Keep at least one request parameter example per operation type.

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for KeyManagementService.

Workflow

Confirm region, resource identifiers, and desired action.
Discover API list and required parameters (see references).
Call API with SDK or OpenAPI Explorer.
Verify results with describe/list APIs.

AccessKey priority (must follow)

Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
Shared config file: ~/.alibabacloud/credentials

API discovery

Product code: Kms
Default API version: 2016-01-20
Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

Inventory/list: prefer List* / Describe* APIs to get current resources.
Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code \x3CProductCode> --version \x3CVersion>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/alicloud-security-kms/

Prerequisites

Configure least-privilege Alibaba Cloud credentials before execution.
Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
If region is unclear, ask the user before running mutating operations.

References

Sources: references/sources.md

安全使用建议

This skill's code and instructions are consistent with an Alibaba Cloud KMS helper, but its registry metadata fails to declare that it needs your Alibaba Cloud access key and secret. Before installing or invoking: (1) treat this as a skill that will require your ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET — only provide least-privilege credentials (prefer read-only or limited KMS permissions) and avoid long-lived full-admin keys; (2) review the included script locally to confirm it only fetches api.aliyun.com metadata (it does); (3) run first in a sandbox or with test account/keys; (4) ask the publisher to update the skill metadata to list the required env vars and primary credential so the platform can surface the exact secret requests; and (5) for any mutating operations, confirm region and ask the agent to prompt you before performing changes.

功能分析

Type: OpenClaw Skill Name: alicloud-security-kms Version: 1.0.3 The skill bundle is designed for managing Alibaba Cloud Key Management Service (KMS) and appears safe. It includes a Python script (scripts/list_openapi_meta_apis.py) that fetches public API metadata from official Alibaba Cloud endpoints (api.aliyun.com) to help the agent discover available service operations. The instructions in SKILL.md follow standard credential handling practices and do not contain any evidence of malicious intent, data exfiltration, or unauthorized execution.

能力评估

⚠ Purpose & Capability

The skill's stated purpose is Alibaba Cloud KMS management and the runtime instructions clearly require Alibaba Cloud credentials and access to OpenAPI metadata; that capability is coherent with the name and description. However, the registry metadata lists no required environment variables or primary credential even though SKILL.md requires ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET (and optionally ALICLOUD_REGION_ID) or a shared credentials file. The omission is an inconsistency between claimed requirements and declared requirements.

✓ Instruction Scope

SKILL.md gives narrow, expected instructions: discover API metadata, use SDK/OpenAPI to call KMS APIs, save outputs to output/alicloud-security-kms/, and prefer least-privilege credentials. It does not instruct reading unrelated system files or exfiltrating data to unusual endpoints. The only external network access is to api.aliyun.com for API metadata, which matches the skill purpose.

✓ Install Mechanism

No install spec is provided (instruction-only) and the only included code is a small Python script that fetches OpenAPI metadata from api.aliyun.com and writes JSON/MD to the local output directory. No downloads of arbitrary code, no archive extraction, and no non-standard binary installation are present.

⚠ Credentials

The SKILL.md expects sensitive credentials (ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET) and references a shared config path (~/.alibabacloud/credentials). Those are appropriate and proportionate for a KMS management skill, but they are not declared in the skill's metadata (required env vars / primary credential). That mismatch makes it unclear to the platform or user what secrets will be requested or needed.

✓ Persistence & Privilege

The skill does not request always:true, does not declare system-wide config changes, and is user-invocable with autonomous invocation allowed (the platform default). There is no evidence the skill tries to persist itself beyond normal outputs in its own output directory.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install alicloud-security-kms
安装完成后，直接呼叫该 Skill 的名称或使用 /alicloud-security-kms 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

batch publish from alicloud-skills on 2026-03-11

v1.0.2

batch publish from alicloud-skills on 2026-02-13

v1.0.1

Initial ClawHub publish for Alibaba Cloud skills with agents metadata.

v1.0.0

Initial ClawHub publish for Alibaba Cloud skills with agents metadata.

元数据

Slug alicloud-security-kms

版本 1.0.3

许可证 MIT-0

累计安装 2

当前安装数 2

历史版本数 4

常见问题