← 返回 Skills 市场

Byted Vefaas Skills

Name: Byted Vefaas Skills
Author: volcengine-skills

作者 volcengine-skills · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install byted-vefaas-skills

功能描述

Deploy and manage serverless applications on Volcengine veFaaS. Use when the user wants to deploy web apps, manage functions (pull code, upload and deploy),...

使用说明 (SKILL.md)

vefaas: Volcengine FaaS CLI

vefaas is the command-line tool for Volcengine Function Service (veFaaS). It enables serverless application deployment, function management, and configuration through a streamlined workflow.

Installation

npm i -g https://vefaas-cli.tos-cn-beijing.volces.com/volcengine-vefaas-latest.tgz

Verify installation:

vefaas --version

Core Workflow

The typical deployment pattern:

Check Node.js: node --version (requires >= 18, recommended 20+)
- If version is too low, switch using nvm (nvm use 20) or fnm (fnm use 20), or manually install a newer version
Check CLI: vefaas --version to verify installation
Check Auth: vefaas login --check to verify login status
- If not logged in, run vefaas login --sso (opens browser, auto-completes when user authorizes - no manual input needed)
Deploy: vefaas deploy --newApp \x3Cname> --gatewayName $(vefaas run listgateways --first) --yes
Access: vefaas domains to view URLs

Quick Commands

Purpose	Command
Check auth	`vefaas login --check`
Login (SSO)	`vefaas login --sso` (non-interactive: opens browser, auto-completes when authorized, recommended)
Login (AK/SK)	`vefaas login --accessKey \x3CAK> --secretKey \x3CSK>`
Init from template	`vefaas init --template \x3Cname>`
Deploy new app	`vefaas deploy --newApp \x3Cname> --gatewayName $(vefaas run listgateways --first) --yes`
Deploy existing	`vefaas deploy --app \x3Cname> --yes`
List gateways	`vefaas run listgateways --first`
View URLs	`vefaas domains`
Set env var	`vefaas env set KEY VALUE`
View config	`vefaas config list`
Pull code	`vefaas pull --func \x3Cname>`
Inspect project	`vefaas inspect`

Global Options

Option	Description
`-d, --debug`	Enable debug mode for troubleshooting
`--yes`	Non-interactive mode (required for CI/AI coding)
`--region`	Region override (e.g., cn-beijing)

Cookbooks

Step-by-step guides for common scenarios:

Template Quickstart - Create and deploy from official templates
Deploy Existing Code - Deploy your existing project
Manage Functions - Manage functions (pull code, upload and deploy)

References

Detailed documentation on specific topics:

Authentication - Login methods and credentials
Configuration - Config files and settings
Environment Variables - Managing env vars
Framework Detection - Supported frameworks and auto-detection
Troubleshooting - Debug mode, common issues, and solutions

Important Notes

Always use --yes for non-interactive mode in CI/CD and AI coding scenarios
Use $(vefaas run listgateways --first) to get an available gateway
Config is stored in .vefaas/config.json after linking
Use --debug or -d to troubleshoot issues

安全使用建议

This skill appears to be a normal guide for the Volcengine veFaaS CLI, but there are a few red flags you should consider before installing or running its commands: - Source provenance: the skill gives an npm tarball URL rather than a GitHub release or well-known package registry and the registry metadata has no homepage or source. Verify the install URL with an official Volcengine/veFaaS page before running it. - Installing risk: npm i -g <tarball> will execute code from that tarball. If you can't confirm the origin, avoid installing globally on your main machine; consider using an isolated environment (container/VM) or inspecting the tarball contents first. - Credentials and secrets: the docs instruct uses of VOLC_ACCESS_KEY_ID/VOLC_SECRET_ACCESS_KEY, SSO, and importing .env files. Expect credentials to be stored under ~/.vefaas/auth.json and debug logs to contain full API responses — review and secure those files and avoid importing files that contain unnecessary secrets. - Least privilege: if you must use AK/SK, create keys with minimal privileges (not root/admin) and rotate them after use. - Audit logs/config: after use, inspect ~/.vefaas/ (logs and auth.json) and remove any sensitive files you don't want persisted. Prefer SSO or short-lived STS tokens where possible. If you cannot verify the install URL or vendor provenance, do not install globally on a trusted host.

功能分析

Type: OpenClaw Skill Name: byted-vefaas-skills Version: 1.0.0 The skill bundle provides a legitimate integration for the Volcengine veFaaS (Function as a Service) CLI. It includes comprehensive documentation for managing serverless applications, including authentication via SSO or AK/SK, environment variable management, and deployment workflows. The installation source (volces.com) is the official domain for Volcengine, and the tool's capabilities are consistent with standard cloud provider CLI functionality without evidence of malicious intent or data exfiltration.

能力评估

✓ Purpose & Capability

Name/description align with the instructions and cookbooks: all commands are about installing and using the veFaaS CLI to deploy and manage functions, set env vars, pull/push code, and view configs.

ℹ Instruction Scope

The SKILL.md and cookbooks instruct running many vefaas CLI commands (login, deploy, env import, pull, inspect) and reading/writing local files (.vefaas/config.json, ~/.vefaas/logs/, .env). This is expected for a deployment CLI, but the docs explicitly recommend importing .env files and note debug logs include full JSON responses — both can expose secrets if mishandled. Also the SKILL metadata does not declare the environment variables that the docs recommend using.

⚠ Install Mechanism

There is no registry install spec; the SKILL.md recommends running npm i -g against a direct tarball URL (https://vefaas-cli.tos-cn-beijing.volces.com/volcengine-vefaas-latest.tgz). Installing an npm package from an arbitrary tarball executes remote code and is higher risk than installing from a well-known registry or verified release host. The tarball host appears vendor-specific but the package origin is not verifiable from the skill metadata (no homepage/source).

⚠ Credentials

Skill metadata declares no required env vars, yet the docs reference VOLC_ACCESS_KEY_ID, VOLC_SECRET_ACCESS_KEY, VOLC_SESSION_TOKEN and provide AK/SK login examples. The CLI saves credentials to ~/.vefaas/auth.json and debug logs are said to include full JSON API responses — this combination increases the risk that secrets are stored or logged locally. The credential requests are proportionate to the stated purpose, but the metadata mismatch and potential for sensitive data in logs/configs are notable.

ℹ Persistence & Privilege

The CLI stores config and auth in ~/.vefaas/ and project-level .vefaas/config.json; always=false (no forced global inclusion). Persisting credentials/config is normal for a CLI, but users should be aware credentials and full debug output may be written to disk.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install byted-vefaas-skills
安装完成后，直接呼叫该 Skill 的名称或使用 /byted-vefaas-skills 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of the vefaas skill for Volcengine FaaS CLI. - Enables deploying and managing serverless applications on Volcengine veFaaS. - Supports authentication, environment variable configuration, code deployment, and function management. - Provides concise CLI commands and workflow instructions. - Includes references and quickstart guides for common usage scenarios. - Offers troubleshooting advice and non-interactive mode for automation.

元数据

Slug byted-vefaas-skills

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题