功能描述

华为云架构设计与资源开通。当用户需要设计云架构、推荐华为云服务配置、估算成本、或生成 Terraform 模板时使用此 skill。触发场景：(1) 描述业务需求寻求架构建议，(2) 需要华为云资源配置清单，(3) 需要成本预估，(4) 需要生成 Terraform 模板。

使用说明 (SKILL.md)

华为云架构设计与资源开通

Name: Huaweicloud
Author: jiachenz

帮助用户从业务需求出发，设计华为云架构、推荐资源配置、估算成本，并生成可执行的 Terraform 模板。

工作流程

用户描述业务需求
       ↓
[1. 需求分析] 提取关键要素
       ↓
[2. 架构推荐] 匹配合适的架构模式
       ↓
[3. 资源清单] 生成详细配置
       ↓
[4. 成本预估] 调用价格计算
       ↓
[5. 生成模板] 输出 Terraform 代码
       ↓
[6. 用户确认] 等待确认后交付

1. 需求分析

从用户描述中提取关键要素：

要素	说明	示例
业务类型	Web应用/微服务/大数据/AI	电商网站、数据分析平台
规模	用户量/数据量/QPS	日活10万、数据1TB
可用性	是否需要高可用	单可用区/多可用区
安全合规	等保/数据加密	等保三级
预算	成本约束	月预算5000元

输出： 结构化的需求摘要

2. 架构推荐

根据需求匹配架构模式，参考 references/architectures.md。

常见架构模式：

Web 应用架构（ECS + RDS + OBS + ELB）
微服务架构（CCE + RDS + Redis + ELB）
大数据架构（MRS + OBS + DWS）
AI/ML 架构（ModelArts + OBS + RDS）

输出： 推荐的架构方案 + 架构图描述

3. 资源清单

根据架构方案，生成详细的资源配置，参考 references/services.md。

清单格式：

## 资源配置清单

### 计算资源
| 资源类型 | 规格 | 数量 | 用途 |
|---------|------|------|------|
| ECS | c6.xlarge.4 | 2 | Web服务器 |

### 存储资源
| 资源类型 | 规格 | 容量 | 用途 |
|---------|------|------|------|
| OBS | 标准存储 | 500GB | 静态资源 |

### 网络资源
| 资源类型 | 规格 | 数量 | 用途 |
|---------|------|------|------|
| VPC | /16 | 1 | 主网络 |
| ELB | 共享型 | 1 | 负载均衡 |

### 数据库
| 资源类型 | 规格 | 版本 | 用途 |
|---------|------|------|------|
| RDS MySQL | rds.mysql.c6.large.2 | 8.0 | 主数据库 |

4. 成本预估

使用 scripts/hwc-pricing.py 计算月度成本。

前提条件：

环境变量 HWC_ACCESS_KEY 和 HWC_SECRET_KEY 已配置

输出格式：

## 成本预估（月度）

| 资源 | 单价 | 数量 | 月费用 |
|------|------|------|--------|
| ECS c6.xlarge.4 | ¥800 | 2 | ¥1,600 |
| RDS MySQL | ¥1,200 | 1 | ¥1,200 |
| ... | ... | ... | ... |
| **合计** | | | **¥3,500** |

*价格仅供参考，以实际账单为准*

5. 生成 Terraform 模板

根据资源清单生成 Terraform 代码，参考 references/terraform-providers.md 和 assets/terraform/ 模板。

输出文件：

main.tf - 主配置（provider、变量）
vpc.tf - 网络配置
compute.tf - 计算资源
database.tf - 数据库资源
storage.tf - 存储资源
outputs.tf - 输出变量

6. 用户确认

展示完整方案供用户确认：

架构方案
资源清单
成本预估
Terraform 代码（或文件）

确认后再交付最终文件。

参考文档

按需加载以下文档：

产品目录：references/services.md — 华为云产品规格与适用场景
架构模式：references/architectures.md — 常见架构模式与最佳实践
Terraform：references/terraform-providers.md — 华为云 Provider 使用指南
价格 API：references/pricing-api.md — 价格计算接口文档

注意事项

AK/SK 安全：不在模板中硬编码凭证，使用环境变量或 Terraform 变量
成本提示：始终提醒用户价格仅供参考
合规检查：涉及等保、数据安全时提醒用户确认合规要求
模板验证：建议用户在执行前使用 terraform plan 验证

安全使用建议

What to consider before installing: - Inconsistency: SKILL.md says the cost script needs HWC_ACCESS_KEY / HWC_SECRET_KEY, but the skill's metadata does not declare any required env vars and the included scripts/hwc-pricing.py does not read or use those env vars (it uses a built-in PRICE_TABLE). Provider comments in Terraform templates reference yet another name (HW_ACCESS_KEY / HW_SECRET_KEY). This is a red flag: do not export your cloud AK/SK to the skill until you verify why they are needed. - Verify behavior locally: If you need cost estimates, run scripts/hwc-pricing.py locally against a sample resources.json first (the script currently uses static prices and does not call external APIs). That lets you confirm whether it needs credentials and whether it will call external endpoints. - Least privilege: If the skill genuinely needs AK/SK for BSS API calls, create and supply credentials with minimal scope (read-only billing/pricing) and prefer short-lived or limited-scope keys. Never supply root or admin keys. - Review outputs: The generated Terraform templates and outputs include connection strings and resource IDs (private IPs, hostnames). Be careful about sharing generated files; they can reveal internal network details. - If you need certainty: Ask the author (or inspect runtime code) whether any component will call the Huawei BSS pricing API or other network endpoints. The current repo shows only local calculation; if future versions add API calls, credential use could change. Given these mismatches I recommend caution (do not provide cloud credentials) until the credential requirements are clarified and the script's network behavior is confirmed.

功能分析

Type: OpenClaw Skill Name: huaweicloud-skill Version: 0.1.1 The skill is classified as suspicious due to a significant prompt injection vulnerability in its Terraform template generation. Specifically, the `assets/terraform/compute.tf.md` template includes a `user_data` field (`user_data = var.web_user_data`) which can execute arbitrary shell commands on provisioned cloud instances. An attacker could exploit this by crafting malicious input to the AI agent, causing it to inject harmful scripts into the `web_user_data` variable, leading to Remote Code Execution (RCE) on the deployed infrastructure. Additionally, the `public_key_path` variable in `assets/terraform/variables.tf.md` defaults to `~/.ssh/id_rsa.pub`, indicating a capability to access local files, which could be abused if the path is manipulated. While the `scripts/hwc-pricing.py` script mentions sensitive environment variables, it does not actually access them or make network calls, mitigating that specific risk.

能力评估

⚠ Purpose & Capability

The skill's name, description, and included Terraform templates align with its stated purpose (architecture design, resource lists, Terraform output). However the runtime instructions claim the cost calculator requires HWC_ACCESS_KEY/HWC_SECRET_KEY while the skill metadata declares no required env vars; provider comments in templates reference different variable names (HW_ACCESS_KEY/HW_SECRET_KEY). This mismatch between declared requirements and the instructions is incoherent and unexplained.

⚠ Instruction Scope

SKILL.md instructs the agent to run scripts/hwc-pricing.py to compute costs and to generate Terraform files from repository templates. It explicitly asks for environment variables (HWC_ACCESS_KEY/HWC_SECRET_KEY) as a precondition for pricing, but the included Python script does not actually call any external API or read those env vars (it uses an internal PRICE_TABLE). That inconsistency could confuse users and may indicate the script or instructions were changed without updating the other.

✓ Install Mechanism

No install spec is provided; this is an instruction-and-file-only skill. No archive downloads or external installers are invoked, so there is low installation risk from arbitrary remote code fetches. Files in the repo are plain-text templates and one Python script.

⚠ Credentials

The SKILL.md requests HWC_ACCESS_KEY and HWC_SECRET_KEY for pricing, but the skill's declared requirements list no env vars and the Python script does not use those variables. Provider comments in templates reference yet another naming convention (HW_ACCESS_KEY / HW_SECRET_KEY). Asking for cloud AK/SK is a high-sensitivity request that should be justified and declared explicitly — the current mismatch is disproportionate and confusing.

✓ Persistence & Privilege

The skill does not request always:true, does not declare system config paths, and does not modify other skills. It would run only when invoked. Generated Terraform files and cost reports are expected outputs and do not in themselves increase runtime privilege.

版本历史

v0.1.1

Initial release with Terraform templates and architecture references - Added Terraform template files for core resource types: compute, database, storage, network, outputs, and variables. - Included architecture, product, pricing API, and provider reference documents. - Added pricing estimation script for Huawei Cloud resources. - Provided documentation and workflow for architecture design, resource listing, cost estimation, and template generation. - Supplied a sample README for usage instructions.

v0.1.0

Initial release of huaweicloud-skill. - Provides cloud architecture design and resource provisioning for Huawei Cloud. - Supports requirement analysis, reference architecture recommendation, resource list generation, cost estimation, and Terraform template output. - Workflow covers: input business needs → analyze → recommend architecture → resource details → estimate cost → generate Terraform templates → user confirmation. - Includes best practice guidance, cost disclaimer, and compliance/security reminders. - Reference documentation and template generation guidelines included for user self-extension.

元数据

Slug huaweicloud-skill

版本 0.1.1

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Huaweicloud 是什么？

华为云架构设计与资源开通。当用户需要设计云架构、推荐华为云服务配置、估算成本、或生成 Terraform 模板时使用此 skill。触发场景：(1) 描述业务需求寻求架构建议，(2) 需要华为云资源配置清单，(3) 需要成本预估，(4) 需要生成 Terraform 模板。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 504 次。

如何安装 Huaweicloud？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install huaweicloud-skill」即可一键安装，无需额外配置。

Huaweicloud 是免费的吗？

是的，Huaweicloud 完全免费（开源免费），可自由下载、安装和使用。

Huaweicloud 支持哪些平台？

Huaweicloud 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Huaweicloud？

由 jiachenz（@jiachenz）开发并维护，当前版本 v0.1.1。

Huaweicloud