← 返回 Skills 市场
cinience

Aliyun Swas Manage

作者 cinience · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
87
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install aliyun-swas-manage
功能描述
Use when managing Alibaba Cloud Simple Application Server (SWAS OpenAPI 2020-06-01) resources end-to-end, including querying instances, starting/stopping/reb...
使用说明 (SKILL.md)

Category: service

Simple Application Server (SWAS-OPEN 2020-06-01)

Use SWAS-OPEN OpenAPI to manage full SAS resources: instances, disks, snapshots, images, key pairs, firewall, Cloud Assistant, monitoring, tags, and lightweight databases.

Prerequisites

  • Prepare AccessKey with least-privilege RAM user/role.
  • Choose correct region and matching endpoint (public/VPC).ALICLOUD_REGION_ID can be used as default region; if unset choose the most reasonable region, ask user if unclear.
  • This OpenAPI uses RPC signing; prefer Python SDK or OpenAPI Explorer instead of manual signing.

SDK Priority

  1. Python SDK (preferred)
  2. OpenAPI Explorer
  3. Other SDKs

Python SDK quick query (instance ID / IP / plan)

Virtual environment is recommended (avoid PEP 668 system install restrictions).

python3 -m venv .venv
. .venv/bin/activate
python -m pip install alibabacloud_swas_open20200601 alibabacloud_tea_openapi alibabacloud_credentials

import os
from alibabacloud_swas_open20200601.client import Client as SwasClient
from alibabacloud_swas_open20200601 import models as swas_models
from alibabacloud_tea_openapi import models as open_api_models


def create_client(region_id: str) -> SwasClient:
    config = open_api_models.Config(
        region_id=region_id,
        endpoint=f"swas.{region_id}.aliyuncs.com",
    )
    ak = os.getenv("ALICLOUD_ACCESS_KEY_ID") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
    sk = os.getenv("ALICLOUD_ACCESS_KEY_SECRET") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
    if ak and sk:
        config.access_key_id = ak
        config.access_key_secret = sk
    return SwasClient(config)


def list_regions():
    client = create_client("cn-hangzhou")
    resp = client.list_regions(swas_models.ListRegionsRequest())
    return [r.region_id for r in resp.body.regions]


def list_instances(region_id: str):
    client = create_client(region_id)
    resp = client.list_instances(swas_models.ListInstancesRequest(region_id=region_id))
    return resp.body.instances


def main():
    for region_id in list_regions():
        for inst in list_instances(region_id):
            ip = getattr(inst, "public_ip_address", None) or getattr(inst, "inner_ip_address", None)
            spec = getattr(inst, "plan_name", None) or getattr(inst, "plan_id", None)
            print(inst.instance_id, ip or "-", spec or "-", region_id)


if __name__ == "__main__":
    main()

Python SDK scripts (recommended for inventory and summary)

  • All-region instance inventory (TSV/JSON):scripts/list_instances_all_regions.py
  • Count instances by plan:scripts/summary_instances_by_plan.py
  • Count instances by status:scripts/summary_instances_by_status.py
  • Fix SSH key-based access (custom port supported):scripts/fix_ssh_access.py
  • Get current SSH port of an instance:scripts/get_ssh_port.py

CLI Notes

  • aliyun CLI may not expose swas-open as product name; prefer Python SDK. If CLI is mandatory, generate request examples in OpenAPI Explorer first, then migrate to CLI.

Workflow

  1. Confirm resource type and region (instance/disk/snapshot/image/firewall/command/database/tag).
  2. Identify API group and operation in references/api_overview.md.
  3. Choose invocation method (Python SDK / OpenAPI Explorer / other SDK).
  4. After mutations, verify state/results with query APIs.

Common Operation Map

  • Instance query/start/stop/reboot:ListInstancesStartInstance(s)StopInstance(s)RebootInstance(s)
  • Command execution:RunCommand or CreateCommand + InvokeCommand; use DescribeInvocations/DescribeInvocationResult
  • Firewall:ListFirewallRules/CreateFirewallRule(s)/ModifyFirewallRule/EnableFirewallRule/DisableFirewallRule
  • Snapshot/disk/image:CreateSnapshotResetDiskCreateCustomImage etc.

Cloud Assistant Execution Notes

  • Target instance must be in Running state.
  • Cloud Assistant agent must be installed (use InstallCloudAssistant).
  • For PowerShell commands, ensure required modules are available on Windows instances.
  • After execution, use DescribeInvocations or DescribeInvocationResult to fetch status and outputs.

See references/command-assistant.md for details.

Clarifying questions (ask when uncertain)

  1. What is the target region? Is VPC endpoint required?
  2. What are target instance IDs? Are they currently Running?
  3. What command/script type/timeout is needed? Linux or Windows?
  4. Do you need batch execution or scheduled execution?

Output Policy

If you need to save results or responses, write to: output/compute-swas-open/

Validation

mkdir -p output/aliyun-swas-manage
for f in skills/compute/swas/aliyun-swas-manage/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-swas-manage/validate.txt

Pass criteria: command exits 0 and output/aliyun-swas-manage/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/aliyun-swas-manage/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials before execution.
  • Prefer environment variables: ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID.
  • If region is unclear, ask the user before running mutating operations.

Workflow

  1. Confirm user intent, region, identifiers, and whether the operation is read-only or mutating.
  2. Run one minimal read-only query first to verify connectivity and permissions.
  3. Execute the target operation with explicit parameters and bounded scope.
  4. Verify results and save output/evidence files.

References

  • API overview and operation groups:references/api_overview.md
  • Endpoints and integration:references/endpoints.md
  • Cloud Assistant highlights:references/command-assistant.md
  • Official source list:references/sources.md
安全使用建议
Before installing or running this skill, consider the following: (1) the skill requires Alibaba Cloud API credentials (AK/SK, optional security token) and a region to operate, but the registry metadata does not declare them — you will need to provide credentials manually; only grant least-privilege RAM permissions needed for the operations you intend to run. (2) Several scripts perform mutating actions (Restarting sshd, modifying /etc/ssh/sshd_config, changing authorized_keys) — these can lock you out or change instance behavior; review and test in a non-production instance first and confirm target instance IDs and region before running. (3) fix_ssh_access reads your local public key (~/.ssh/id_ed25519.pub) by default and embeds it into a remote command; if you don't want any local files read or transmitted, supply an alternate pubkey or edit the script. (4) The package dependencies (Alibaba Cloud Python SDKs) are not installed automatically; run the recommended pip install in a virtual environment and verify versions. (5) There are minor inconsistencies in the SKILL.md output/validation paths (output/compute-swas-open vs output/aliyun-swas-manage) — check the workflow artifacts and adjust paths if you rely on the validate step. If you accept these issues, manually inspect the scripts and run only read-only queries first to confirm behavior.
功能分析
Type: OpenClaw Skill Name: aliyun-swas-manage Version: 1.0.0 The skill bundle provides comprehensive management for Alibaba Cloud Simple Application Server (SWAS) resources, including high-risk administrative capabilities. Specifically, `scripts/fix_ssh_access.py` and `scripts/get_ssh_port.py` utilize the Alibaba Cloud 'RunCommand' API to execute shell scripts as root on remote instances to modify SSH configurations (e.g., enabling PermitRootLogin, adding public keys, and changing ports). While these actions are consistent with the stated purpose of managing and fixing server access, the ability to perform remote code execution and alter security settings represents a significant attack surface if the agent is subjected to prompt injection, although no evidence of intentional malice or data exfiltration was found.
能力评估
Purpose & Capability
Name/description match the included code and references (SWAS OpenAPI operations and Cloud Assistant). However the skill does not declare any required environment variables or primary credential while the instructions and all scripts clearly expect Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional security token and region). This mismatch is a meaningful incoherence: a cloud-management skill legitimately needs those credentials but the registry metadata does not list them.
Instruction Scope
SKILL.md and the scripts instruct the agent to perform read and mutating operations via the SWAS RunCommand API (including restarting SSH, modifying /etc/ssh/sshd_config, inserting authorized_keys). The fix_ssh_access script reads a local public key file (~/.ssh/id_ed25519.pub) and embeds its contents into a remote command — that is an explicit local file read and will transmit that content to the instance via the cloud API. The runtime instructions expect mutating actions and require confirmation of region/instance IDs, but they also default behaviors (e.g., default pubkey path) that may be surprising. The instructions reference environment variables that are not declared in metadata.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. However the SKILL.md recommends installing Python packages (alibabacloud_swas_open20200601, alibabacloud_tea_openapi, alibabacloud_credentials) and the scripts require those SDKs at runtime. The registry metadata does not declare or install these dependencies automatically — users must run pip in a venv themselves. This is expected but worth calling out.
Credentials
The scripts and SKILL.md expect full Alibaba Cloud API credentials (AK/SK and optionally temporary security token) and an optional region env var. Those are high-sensitivity credentials appropriate for the stated cloud-management purpose — but the skill's metadata declares no required env vars or primary credential. Additionally, the skill reads a local file (~/.ssh/id_ed25519.pub) by default; while a public SSH key is not secret, reading local files is outside the cloud API domain and may be unexpected. The lack of declared credentials in metadata prevents the platform/user from making an informed grant decision.
Persistence & Privilege
The skill does not request always:true and does not persist or modify other skills or system-wide agent settings. It is user-invocable and allows model invocation (normal). No elevated platform persistence behavior was observed.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install aliyun-swas-manage
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /aliyun-swas-manage 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release with full Alibaba Cloud Simple Application Server (SWAS OpenAPI 2020-06-01) resource management: - Manage instances, disks, snapshots, images, firewall rules/templates, key pairs, tags, monitoring, and lightweight database operations. - Enables command execution via cloud assistant (supporting install, run, monitor). - Prefer Python SDK for operations; includes example scripts and workflow guidance. - Includes best practices for credential handling, region selection, and evidence output. - Provides validation steps, troubleshooting, and user clarification questions for safe operation.
元数据
Slug aliyun-swas-manage
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Aliyun Swas Manage 是什么?

Use when managing Alibaba Cloud Simple Application Server (SWAS OpenAPI 2020-06-01) resources end-to-end, including querying instances, starting/stopping/reb... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 87 次。

如何安装 Aliyun Swas Manage?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install aliyun-swas-manage」即可一键安装,无需额外配置。

Aliyun Swas Manage 是免费的吗?

是的,Aliyun Swas Manage 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Aliyun Swas Manage 支持哪些平台?

Aliyun Swas Manage 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Aliyun Swas Manage?

由 cinience(@cinience)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论