ncreighton

Cloudmigrate

Author: ncreighton · GitHub ↗ · v1.0.0 · MIT-0
macos · linux · win32 ⚠ suspicious
Total downloads: 117
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install cloudmigrate
Description
Automate multi-cloud migrations and infrastructure deployments with customizable IaC workflows. Use when the user needs cloud strategy planning, infrastructu...
Usage Instructions (SKILL.md)

## Overview

CloudMigrate is a production-grade skill for automating complex cloud migrations and infrastructure deployments across AWS, Azure, GCP, and hybrid environments. It orchestrates Infrastructure-as-Code (IaC) generation, multi-step deployment workflows, service discovery, data migration planning, and environment configuration — eliminating manual processes that introduce errors and delay time-to-production.

Why CloudMigrate Matters:

- Reduces Migration Complexity: Converts high-level requirements into executable Terraform, CloudFormation, and Ansible playbooks
- Multi-Cloud Support: Seamlessly provisions across AWS (EC2, RDS, Lambda), Azure (VMs, SQL Database, App Service), and GCP (Compute Engine, Cloud SQL)
- Risk Mitigation: Generates validation scripts, pre-flight checks, and rollback procedures automatically
- Team Enablement: Integrates with Slack for approval workflows and GitHub for GitOps-ready code repositories
- Cost Optimization: Analyzes current infrastructure and recommends cost-reduction strategies before migration

Typical Use Cases:

- Lift-and-shift migration from on-premises to public cloud
- Multi-region failover and disaster recovery setup
- Microservices deployment with containerization
- Database migration with zero-downtime cutover planning
- DevOps pipeline automation and CI/CD infrastructure

---

## Quick Start

Try these prompts immediately to see CloudMigrate in action:

### Example 1: Generate AWS Migration Plan
```
Plan a migration for a 50-server on-premises data center to AWS.
The environment includes:
- 10 Windows servers running legacy applications (SQL Server backend)
- 20 Linux web servers (Apache/PHP)
- 15 database servers (MySQL, PostgreSQL)
- Network: 10.0.0.0/8 with 5 subnets

Generate:
1. Network architecture diagram (as code)
2. Terraform configuration for VPC, subnets, security groups
3. AWS Database Migration Service (DMS) configuration
4. Cost estimate (3-year TCO comparison)
5. Risk assessment and mitigation steps
```

### Example 2: Create Multi-Environment Infrastructure
```
Create Terraform code for a production SaaS application with:
- Development, staging, and production environments
- Application load balancer routing to auto-scaling groups
- RDS PostgreSQL with read replicas
- ElastiCache Redis cluster for sessions
- S3 buckets with versioning and encryption
- CloudFront CDN configuration
- Monitoring with CloudWatch and SNS alerts

Include:
- Environment variable files (.tfvars)
- Terraform state locking with DynamoDB
- IAM roles and policies (least privilege)
- Backup and disaster recovery automation
```

### Example 3: Azure Hybrid Cloud Deployment
```
Generate infrastructure-as-code for a hybrid Azure deployment:
- On-premises Hyper-V VMs migrated to Azure
- Azure ExpressRoute connection
- Azure SQL Database failover groups (read replicas)
- App Service with staging slots for blue-green deployments
- Azure DevOps pipeline for automated testing
- Monitoring with Application Insights

Provide:
1. Bicep templates (Azure native IaC)
2. Network configuration and security policies
3. Azure Migrate assessment and scripts
4. Cutover schedule with validation steps
5. Rollback procedures
```

### Example 4: Kubernetes Deployment Automation
```
Create a complete Kubernetes infrastructure for a microservices platform:
- EKS cluster on AWS (multi-AZ)
- Container registry (ECR)
- Helm charts for 5 microservices
- Persistent storage (EBS volumes)
- Ingress controller with TLS
- Service mesh (Istio) for traffic management
- Prometheus + Grafana monitoring
- RBAC and network policies

Include deployment scripts and GitOps workflows with Flux.
```

---

## Capabilities

### 1. Infrastructure-as-Code Generation
**What it does:** Converts natural language requirements into production-ready Terraform, CloudFormation, Bicep, or Ansible code.

**Example Usage:**
```
Generate a Terraform module for a secure multi-AZ RDS cluster with:
- Automated backups (30-day retention)
- Encryption at rest (KMS) and in transit (TLS)
- IAM database authentication
- Performance Insights enabled
- Parameter group tuning for PostgreSQL 14
- Subnet group spanning 3 availability zones
```

**Supported IaC Frameworks:**
- Terraform (HCL)
- AWS CloudFormation (JSON/YAML)
- Azure Bicep
- Ansible playbooks
- Kubernetes manifests (YAML)
- Docker Compose
- Helm Charts

### 2. Multi-Cloud Migration Planning
**What it does:** Assesses source environments and generates cloud-specific migration strategies.

**Outputs Include:**
- Current state analysis (resource inventory, dependencies, costs)
- Target architecture diagrams
- Network topology with CIDR planning
- Database migration strategy (schema conversion, data replication)
- Application re-platforming recommendations
- Cost analysis (CapEx → OpEx breakdown)
- Timeline and resource allocation

### 3. Deployment Orchestration
**What it does:** Creates step-by-step automation workflows for safe, validated deployments.

**Features:**
- Pre-deployment validation scripts (connectivity, permissions, quotas)
- Rolling deployments with health checks
- Canary releases with traffic shifting
- Automated rollback on failure detection
- Post-deployment smoke tests
- Approval gates (integrate with Slack for manual sign-offs)

### 4. Data Migration & Cutover Planning
**What it does:** Generates scripts and procedures for zero-downtime data migration.

**Capabilities:**
- Schema validation and conversion (Oracle → PostgreSQL, etc.)
- Replication lag monitoring
- Cutover scheduling and validation
- DNS failover automation
- Data validation queries
- Backup and recovery procedures

### 5. Security & Compliance Automation
**What it does:** Embeds security best practices into generated infrastructure.

**Includes:**
- IAM role and policy generation (least privilege principle)
- Network segmentation (security groups, NACLs, firewalls)
- Encryption configuration (KMS, TDE, SSL/TLS)
- Compliance scanning (CIS benchmarks, PCI-DSS)
- Secrets management (HashiCorp Vault, AWS Secrets Manager)
- Audit logging and monitoring

### 6. Cost Optimization Analysis
**What it does:** Recommends cost-saving strategies and calculates savings.

**Outputs:**
- Reserved instance recommendations
- Spot instance opportunities
- Right-sizing recommendations
- Storage optimization (S3 tiers, compression)
- Network cost analysis
- 3-year TCO projections

---

## Configuration

### Required Environment Variables

```bash
# AWS
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_REGION="us-east-1"

# Azure
export AZURE_SUBSCRIPTION_ID="your-subscription-id"
export AZURE_CLIENT_ID="your-client-id"
export AZURE_CLIENT_SECRET="your-client-secret"
export AZURE_TENANT_ID="your-tenant-id"

# GCP
export GCP_PROJECT_ID="your-project-id"
export GCP_SERVICE_ACCOUNT_JSON="/path/to/service-account.json"

# CloudMigrate Specific
export CLOUDMIGRATE_STATE_BUCKET="your-terraform-state-bucket"
export CLOUDMIGRATE_SLACK_WEBHOOK="https://hooks.slack.com/services/YOUR/WEBHOOK"
export CLOUDMIGRATE_GITHUB_TOKEN="your-github-pat-token"
export CLOUDMIGRATE_VAULT_ADDR="https://vault.example.com"
```

### Setup Instructions

1. **Install Required Binaries:**
   ```bash
   # macOS (Homebrew)
   brew install terraform ansible awscli azure-cli google-cloud-sdk docker

   # Linux (Debian/Ubuntu)
   # terraform is not in the default Debian/Ubuntu repositories; add HashiCorp's apt repository first
   sudo apt-get install -y terraform ansible awscli azure-cli docker.io

   # Windows (Chocolatey)
   choco install terraform ansible awscli azure-cli docker-desktop
   ```

2. **Authenticate Cloud Providers:**
   ```bash
   # AWS
   aws configure

   # Azure
   az login

   # GCP
   gcloud auth application-default login
   ```

3. **Initialize Terraform State Backend:**
   ```bash
   cloudmigrate init-backend \
     --provider aws \
     --bucket my-terraform-state \
     --region us-east-1
   ```

4. **Configure Slack Integration (Optional):**
   ```bash
   cloudmigrate config slack \
     --webhook-url "https://hooks.slack.com/services/YOUR/WEBHOOK" \
     --channel "#infrastructure"
   ```

### Configuration Options

```yaml
# cloudmigrate-config.yaml
migration:
  strategy: "lift-and-shift"  # or "refactor", "replatform", "repurchase"
  parallelization:
    max_concurrent_deployments: 5
    max_concurrent_migrations: 3
  validation:
    pre_deployment_checks: true
    post_deployment_tests: true
    health_check_retries: 5

cloud_targets:
  aws:
    regions: ["us-east-1", "us-west-2", "eu-west-1"]
    instance_types: ["t3.medium", "m5.large", "c5.xlarge"]
  azure:
    regions: ["eastus", "westeurope"]
    vm_sizes: ["Standard_B2s", "Standard_D2s_v3"]
  gcp:
    regions: ["us-central1", "europe-west1"]
    machine_types: ["e2-medium", "n2-standard-2"]

security:
  encryption_at_rest: true
  encryption_in_transit: true
  enable_mfa: true
  compliance_framework: "pci-dss"  # or "hipaa", "gdpr", "sox"

cost_optimization:
  reserved_instances: true
  spot_instances: false
  auto_shutdown_dev: true
  budget_alerts: true
```

---

## Example Outputs

### Generated Terraform Code
```hcl
# main.tf - Generated by CloudMigrate
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "production/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-locks"
    encrypt        = true
  }
}

provider "aws" {
  region = var.aws_region
  default_tags {
    tags = {
      Environment = var.environment
      ManagedBy   = "CloudMigrate"
      Project     = var.project_name
    }
  }
}

# VPC with private/public subnets
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "${var.project_name}-vpc"
  }
}

# Security Group with least-privilege rules
resource "aws_security_group" "app" {
  name        = "${var.project_name}-app-sg"
  description = "Security group for application tier"
  vpc_id      = aws_vpc.main.id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  # Egress is unrestricted (all protocols, any destination); narrow it to the
  # required destinations if outbound traffic must also be least-privilege.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "${var.project_name}-app-sg"
  }
}

# RDS PostgreSQL with encryption
resource "aws_db_instance" "postgres" {
  allocated_storage         = var.db_storage_gb
  engine                    = "postgres"
  engine_version            = "14.7"
  instance_class            = var.db_instance_class
  db_name                   = var.db_name
  username                  = var.db_username
  password                  = random_password.db.result
  parameter_group_name      = aws_db_parameter_group.postgres.name
  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.project_name}-final-snapshot-${formatdate("YYYY-MM-DD-hhmm", timestamp())}"

  # Security
  storage_encrypted      = true
  kms_key_id             = aws_kms_key.db.arn
  publicly_accessible    = false
  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = [aws_security_group.database.id]

  # High Availability
  multi_az                = true
  backup_retention_period = 30
  backup_window           = "03:00-04:00"
  maintenance_window      = "sun:04:00-sun:05:00"

  # Performance
  performance_insights_enabled          = true
  performance_insights_retention_period = 7
  enabled_cloudwatch_logs_exports       = ["postgresql"]

  tags = {
    Name = "${var.project_name}-postgres"
  }

  depends_on = [aws_security_group.database]
}

# Auto Scaling Group
resource "aws_autoscaling_group" "app" {
  name                      = "${var.project_name}-asg"
  vpc_zone_identifier       = aws_subnet.private[*].id
  target_group_arns         = [aws_lb_target_group.app.arn]
  health_check_type         = "ELB"
  health_check_grace_period = 300

  launch_template {
    id      = aws_launch_template.app.id
    version = "$Latest"
  }

  min_size         = var.asg_min_size
  max_size         = var.asg_max_size
  desired_capacity = var.asg_desired_capacity

  tag {
    key                 = "Name"
    value               = "${var.project_name}-asg-instance"
    propagate_at_launch = true
  }

  tag {
    key                 = "Environment"
    value               = var.environment
    propagate_at_launch = true
  }
}
```

### Migration Assessment Report (JSON)
```json
{
  "assessment_id": "mig-2024-001",
  "timestamp": "2024-01-15T10:30:00Z",
  "source_environment": {
    "type": "on-premises",
    "location": "data-center-01",
    "total_servers": 47,
    "total_storage_gb": 5120,
    "total_vms": {
      "windows": 10,
      "linux": 37
    }
  },
  "target_environment": {
    "provider": "aws",
    "regions": ["us-east-1", "us-west-2"],
    "estimated_monthly_cost": 18500
  },
  "migration_strategy": "lift-and-shift",
  "timeline": {
    "assessment_phase": "2 weeks",
    "planning_phase": "4 weeks",
    "migration_phase": "12 weeks",
```
Security Recommendations
This skill broadly looks like a real multi-cloud migration helper, but treats high-privilege cloud credentials as mandatory and references external data transfers (SFTP, Google Drive) and integrations (Slack, GitHub) without declaring the tokens or detailing safeguards. Before installing:

1. Ask the author why all provider credentials are required up-front and whether they can be optional or prompted at runtime.
2. Never supply long-lived full-privilege credentials; create narrowly scoped, temporary service accounts/keys with the minimum permissions needed for the task.
3. Confirm exactly where data will be uploaded (SFTP host, Google Drive account, GitHub repos, Slack channels) and require explicit consent/confirmation before any transfer.
4. Run any tests in an isolated environment (sandbox or throwaway cloud accounts) first.
5. Request the complete SKILL.md and any code for review; if the maintainer cannot justify why the GCP service-account JSON and all provider secrets must be present together, treat the skill as higher risk and avoid using it with real production credentials.
Functional Analysis
Type: OpenClaw Skill
Name: cloudmigrate
Version: 1.0.0

The skill bundle requests an extensive and highly sensitive set of environment variables, including full administrative credentials for AWS, Azure, GCP, GitHub, and Slack. While these permissions are technically relevant to the stated purpose of multi-cloud migration and Infrastructure-as-Code (IaC) automation, the bundle consists entirely of markdown instructions (SKILL.md) without any underlying implementation logic, which significantly increases the risk of credential exfiltration via prompt injection. Furthermore, there is a suspicious discrepancy between the title (mentioning SFTP and Google Drive) and the actual content (focused on Terraform and cloud providers), suggesting either a deceptive 'bait-and-switch' or a poorly constructed template.
Capability Assessment
Purpose & Capability
The declared binaries (terraform, ansible, az, gcloud, docker, aws-cli) and the overall description align with a multi-cloud migration/IaC tool. However, requiring credentials for AWS, Azure, and GCP simultaneously (including a raw GCP service-account JSON) as mandatory environment variables is heavier than most single-use migration tasks normally require. Minor inconsistency: the required binary is listed as 'aws-cli' while the actual executable is usually named 'aws'.
Instruction Scope
The SKILL.md explicitly mentions automated SFTP transfers and Google Drive sync plus integrations with Slack and GitHub. Those features imply reading potentially large sets of local data and transmitting them to external endpoints. The skill manifest does not declare Slack/GitHub tokens or specify safe handling/consent flows. Because the skill is instruction-only and the full runtime instructions are truncated, it's unclear what safeguards or explicit user prompts exist before data is moved — this increases risk of unintended data exfiltration.
Install Mechanism
There is no install specification and no bundled code to write to disk (instruction-only). That lowers install-time risk: nothing is downloaded or executed implicitly by an installer.
Credentials
Requiring AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, AZURE_SUBSCRIPTION_ID/AZURE_CLIENT_ID/AZURE_CLIENT_SECRET, and GCP_PROJECT_ID/GCP_SERVICE_ACCOUNT_JSON as mandatory env vars is disproportionate unless the user intends to run cross-cloud operations in one session. The GCP service-account JSON in an env var is high-sensitivity material. The skill also claims integrations (Slack/GitHub) but lists no corresponding tokens or scopes — a mismatch that could mean the skill expects to use other means to access services or will prompt for credentials at runtime. Either way, humans should only provide scoped, temporary credentials if they proceed.
Persistence & Privilege
The skill is not marked always:true, does not request config paths, and has no install-time persistence. It does allow normal autonomous invocation (default), which is expected for skills; that alone is not a concern but increases the importance of limiting credentials and reviewing instructions.
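The credential points above (scoped, temporary credentials; provider secrets not held together) can be checked before a session starts. The following pre-flight audit is an added example, not part of the skill or of this listing: the variable names are those under Required Environment Variables, while the function names, severity levels and sample values are constructed for illustration.

```python
# Added example: audit the environment a skill session would inherit.
# Variable names come from this page; severities and samples are assumptions.
import os

PROVIDER_SECRETS = {
    "aws": ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"),
    "azure": ("AZURE_CLIENT_SECRET",),
    "gcp": ("GCP_SERVICE_ACCOUNT_JSON",),
}

def audit_env(env):
    """Return (severity, variable, message) findings for an environment mapping."""
    findings = []
    exposed = sorted(p for p, names in PROVIDER_SECRETS.items()
                     if any(env.get(n) for n in names))
    if len(exposed) > 1:
        findings.append(("high", "*", "held together in one session: " + ", ".join(exposed)))

    key_id = env.get("AWS_ACCESS_KEY_ID", "")
    if key_id.startswith("AKIA"):
        # AKIA marks a long-term IAM user key; keys issued by STS start with ASIA.
        findings.append(("high", "AWS_ACCESS_KEY_ID", "long-lived IAM user access key"))
    elif key_id.startswith("ASIA") and not env.get("AWS_SESSION_TOKEN"):
        findings.append(("medium", "AWS_ACCESS_KEY_ID",
                         "temporary key is unusable without AWS_SESSION_TOKEN"))

    if env.get("AZURE_CLIENT_SECRET"):
        findings.append(("medium", "AZURE_CLIENT_SECRET",
                         "service principal secret: confirm its role scope and expiry"))

    gcp = env.get("GCP_SERVICE_ACCOUNT_JSON", "").strip()
    if gcp.startswith("{"):
        findings.append(("high", "GCP_SERVICE_ACCOUNT_JSON", "raw key JSON in the environment"))
    elif gcp:
        findings.append(("high", "GCP_SERVICE_ACCOUNT_JSON",
                         "path to a service-account key file, which does not expire by default"))

    if env.get("CLOUDMIGRATE_GITHUB_TOKEN", "").startswith("ghp_"):
        # ghp_ is the classic PAT prefix; fine-grained tokens start with github_pat_.
        findings.append(("medium", "CLOUDMIGRATE_GITHUB_TOKEN",
                         "classic PAT cannot be limited to selected repositories"))
    if env.get("CLOUDMIGRATE_SLACK_WEBHOOK"):
        findings.append(("low", "CLOUDMIGRATE_SLACK_WEBHOOK",
                         "webhook URL is itself a secret that allows posting"))
    return findings

def should_block(findings):
    """Refuse to start the session while any high-severity finding remains."""
    return any(severity == "high" for severity, _, _ in findings)

# Constructed sample environments (no real credentials).
LONG_LIVED = {"AWS_ACCESS_KEY_ID": "AKIACONSTRUCTED00000", "AWS_SECRET_ACCESS_KEY": "x",
              "AZURE_CLIENT_SECRET": "x",
              "GCP_SERVICE_ACCOUNT_JSON": "/path/to/service-account.json",
              "CLOUDMIGRATE_GITHUB_TOKEN": "ghp_constructed",
              "CLOUDMIGRATE_SLACK_WEBHOOK": "https://hooks.slack.com/services/YOUR/WEBHOOK"}
SCOPED = {"AWS_ACCESS_KEY_ID": "ASIACONSTRUCTED00000", "AWS_SECRET_ACCESS_KEY": "x",
          "AWS_SESSION_TOKEN": "x", "AWS_REGION": "us-east-1"}

if __name__ == "__main__":
    for severity, variable, message in audit_env(os.environ):
        print(f"[{severity}] {variable}: {message}")
```

Findings name the variable and the reason only, so the output can be pasted into a review ticket without leaking secret values.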
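How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install cloudmigrate
  3. Once installation completes, call the skill by name or trigger it with /cloudmigrate
  4. Provide the required inputs according to the skill's parameter description to get structured output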
Version History
v1.0.0
Initial release of CloudMigrate skill for automated cloud migration and IaC workflows.
- Automates multi-cloud migrations and infrastructure deployment across AWS, Azure, and GCP.
- Generates Infrastructure-as-Code (Terraform, CloudFormation, Bicep, Ansible) from natural language requirements.
- Provides migration strategy planning, cost analysis, risk mitigation, and rollback procedures.
- Supports complex use cases: lift-and-shift, CI/CD pipelines, disaster recovery, Kubernetes automation, and more.
- Integrates with Slack and GitHub for collaboration and GitOps workflows.
Metadata
Slug: cloudmigrate
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Versions: 1
FAQ

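What is Cloudmigrate?

Automate multi-cloud migrations and infrastructure deployments with customizable IaC workflows. Use when the user needs cloud strategy planning, infrastructu... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 117 total downloads so far.

How do I install Cloudmigrate?

Run the command "/install cloudmigrate" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is Cloudmigrate free?

Yes, Cloudmigrate is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Cloudmigrate support?

Cloudmigrate runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (macos, linux, win32).

Who developed Cloudmigrate?

It is developed and maintained by ncreighton (@ncreighton); the current version is v1.0.0.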
