← 返回 Skills 市场

Aliyun Cloudfw Manage

Name: Aliyun Cloudfw Manage
Author: cinience

作者 cinience · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install aliyun-cloudfw-manage

功能描述

Use when managing Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK, including the user requests firewall policy/resource operations, change management,...

使用说明 (SKILL.md)

Category: service

Cloud Firewall

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Cloud Firewall.

Workflow

Confirm region, resource identifiers, and desired action.
Discover API list and required parameters (see references).
Call API with SDK or OpenAPI Explorer.
Verify results with describe/list APIs.

AccessKey priority (must follow)

Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
Shared config file: ~/.alibabacloud/credentials

API discovery

Product code: Cloudfw
Default API version: 2017-12-07
Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

High-frequency operation patterns

Inventory/list: prefer List* / Describe* APIs to get current resources.
Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.

Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

python scripts/list_openapi_meta_apis.py

Optional overrides:

python scripts/list_openapi_meta_apis.py --product-code \x3CProductCode> --version \x3CVersion>

The script writes API inventory artifacts under the skill output directory.

Output policy

If you need to save responses or generated artifacts, write them under: output/aliyun-cloudfw-manage/

Validation

mkdir -p output/aliyun-cloudfw-manage
for f in skills/security/firewall/aliyun-cloudfw-manage/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-cloudfw-manage/validate.txt

Pass criteria: command exits 0 and output/aliyun-cloudfw-manage/validate.txt is generated.

Output And Evidence

Save artifacts, command outputs, and API response summaries under output/aliyun-cloudfw-manage/.
Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

Configure least-privilege Alibaba Cloud credentials before execution.
Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
If region is unclear, ask the user before running mutating operations.

References

Sources: references/sources.md

安全使用建议

Before installing or enabling this skill: (1) Require the publisher to update the skill metadata to declare the exact required env vars (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID) and the config path (~/.alibabacloud/credentials) so the platform can surface permission prompts. (2) Only provide least-privilege Alibaba Cloud credentials (narrow IAM policy) and test with read-only credentials first. (3) Review and run the included script locally to verify behavior (it fetches public metadata from api.aliyun.com). (4) If you allow autonomous invocation, restrict or audit mutating operations (Create/Update/Modify) — consider disabling autonomous invocation until metadata/behavior is clarified. (5) If the publisher cannot justify the missing metadata, treat the omission as a red flag and avoid giving credentials or enabling the skill for production use.

功能分析

Type: OpenClaw Skill Name: aliyun-cloudfw-manage Version: 1.0.0 The skill bundle is a legitimate tool for managing Alibaba Cloud Firewall resources. The included script `scripts/list_openapi_meta_apis.py` fetches API metadata from official Alibaba Cloud endpoints (api.aliyun.com) to assist the agent in discovering available operations, and the instructions in `SKILL.md` follow standard cloud credential management practices without any signs of malicious intent or data exfiltration.

能力评估

⚠ Purpose & Capability

The skill's stated purpose (manage Alibaba Cloud CloudFW) legitimately requires Alibaba Cloud credentials and region information. However, the registry metadata lists no required env vars, primary credential, or config paths even though SKILL.md explicitly prioritizes ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID and ~/.alibabacloud/credentials. This mismatch is incoherent: someone building this skill should declare those requirements.

⚠ Instruction Scope

SKILL.md instructs the agent to use environment variables and a shared credentials file (~/.alibabacloud/credentials), to call SDK/OpenAPI (including mutating Create/Update/Modify APIs), and to write artifacts under output/aliyun-cloudfw-manage/. Those instructions are reasonable for a CloudFW manager, but they reference reading credentials and potentially performing mutations while the package metadata does not surface or restrict those capabilities. The script included only fetches public API metadata from api.aliyun.com (expected).

✓ Install Mechanism

No install spec — instruction-only plus a small Python script that fetches metadata from the official api.aliyun.com endpoints. No remote, untrusted binary downloads or extraction. Low install risk.

⚠ Credentials

The credentials requested in SKILL.md (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optional ALICLOUD_REGION_ID) are proportional to the stated purpose. The problem is they are not declared in the skill metadata (requires.env / primaryEnv) and the skill instructs reading ~/.alibabacloud/credentials without declaring that config path. This omission makes it unclear to users/administrators what secrets the skill will use or require.

✓ Persistence & Privilege

always is false and the skill does not request system-wide modification or persistent elevated privileges. The agent can invoke the skill autonomously by default (disable-model-invocation is false), which is platform-standard; combine this with the credential mismatch and you should be cautious about allowing autonomous runs that could perform mutating API calls.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install aliyun-cloudfw-manage
安装完成后，直接呼叫该 Skill 的名称或使用 /aliyun-cloudfw-manage 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of aliyun-cloudfw-manage, providing management and troubleshooting for Alibaba Cloud Cloud Firewall via OpenAPI/SDK. - Supports operations such as firewall policy/resource management, status checks, and workflow troubleshooting. - Implements API discovery, access credential priority, and a metadata-first workflow. - Includes scripts for API listing and artifacts output under `output/aliyun-cloudfw-manage/`. - Requires configuration of Alibaba Cloud credentials with a focus on security and reproducibility.

元数据

Slug aliyun-cloudfw-manage

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题