← 返回 Skills 市场
122
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install prisma-access
功能描述
All-in-one Prisma Access management for Strata Cloud Manager (SCM). Generate configurations, audit against best practices, migrate between tenants, troublesh...
安全使用建议
This skill appears to be what it claims: an SCM API client implemented as an instruction-only skill using curl and jq. Before installing, verify the GitHub homepage/source and trustworthiness of the author because the agent will transmit the SCM_CLIENT_SECRET (and any additional per-tenant credentials you set) to paloalto's SCM API endpoints. For migrations, the SKILL.md example uses SRC_/DST_ env var names not declared in the metadata—ensure you set appropriate source and destination credentials and use least-privilege accounts. Never paste secrets into chat messages; prefer setting credentials in your agent's secure environment. If you need higher assurance, review the GitHub repo content and test with a read-only or sandbox SCM account and use the skill's dry-run mode and explicit commit guardrails before performing any commits.
功能分析
Type: OpenClaw Skill
Name: prisma-access
Version: 1.1.0
The prisma-access skill is a comprehensive management tool for Palo Alto Networks Strata Cloud Manager (SCM). It provides structured instructions for an AI agent to generate configurations, audit security policies, migrate data between tenants, and perform API operations using legitimate endpoints (e.g., api.sase.paloaltonetworks.com). The skill includes appropriate safety guardrails such as dry-run requirements and manual commit confirmations, and shows no signs of malicious intent, data exfiltration, or unauthorized execution logic in SKILL.md or _meta.json.
能力评估
Purpose & Capability
Name/description (Prisma Access management for Strata Cloud Manager) match the requested binaries (curl, jq) and the required SCM API credentials (SCM_CLIENT_ID, SCM_CLIENT_SECRET, SCM_TSG_ID). The declared primary credential (SCM_CLIENT_ID) and declared env vars are plausible and proportionate for an SCM API integration.
Instruction Scope
SKILL.md is instruction-only and instructs the agent to generate SCM API-compatible JSON and call api.sase.paloaltonetworks.com endpoints using curl/jq — this is expected. One minor inconsistency: the migration section shows example environment variables (SRC_*/DST_* names) that are not listed in the skill's requires.env metadata; this means the skill expects additional per-tenant credentials for migrations but did not declare them as required. The instructions do not appear to request unrelated files or unrelated system credentials.
Install Mechanism
No install spec — instruction-only skill (lowest install risk). No downloads, no archives, and the required binaries are standard CLI tools already declared.
Credentials
The skill requests SCM_CLIENT_ID, SCM_CLIENT_SECRET, and SCM_TSG_ID, which are appropriate for SCM API access. However, tenant migration workflows implicitly require separate source/target credentials (the SKILL.md examples use SRC_/DST_ env var names) that are not declared in requires.env; the user must supply and manage those additional secrets when performing migrations. Treat SCM_CLIENT_SECRET and any SRC_/DST_* secrets as sensitive.
Persistence & Privilege
always:false and default invocation settings. The skill is instruction-only and does not request persistent system-wide privileges or modifications. It will, however, initiate network calls that can transmit supplied credentials to the SCM API — expected behavior for this type of integration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install prisma-access - 安装完成后,直接呼叫该 Skill 的名称或使用
/prisma-access触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
## v1.1.0 / 迁移兼容性矩阵
### English
Added real-world migration compatibility matrix: what can be migrated directly via SCM API, what requires manual handling. Key findings: Service Account permissions block URL/Data/AI profiles, conflict detection must check all folders, Profile Groups support partial migration.
### 中文
新增实测迁移兼容性矩阵:哪些可直接通过 SCM API 迁移,哪些需要手动处理。关键发现:Service Account 权限限制导致部分高级配置无法导出,冲突检测需覆盖所有 folder,配置组支持部分迁移。
v1.0.0
## v1.0.0 Initial Release / 首次发布
### English
All-in-one Prisma Access management skill for Strata Cloud Manager. Combines all 5 individual skills into a single install:
- **config**: Generate SCM configurations (security policies, NAT, decryption, GlobalProtect, etc.)
- **audit**: Audit against PAN-OS best practices, CIS benchmarks, Zero Trust
- **migrate**: Tenant-to-tenant (TSG) configuration migration
- **troubleshoot**: Diagnose GlobalProtect, policy matching, tunnel, API issues
- **api**: Direct SCM API operations (auth, CRUD, config push)
Individual skills also available: prisma-config, prisma-audit, prisma-migrate, prisma-troubleshoot, prisma-api.
### 中文
Prisma Access 一站式管理技能,面向 Strata Cloud Manager。将 5 个独立技能合并为一次安装:
- **config**:生成 SCM 配置(安全策略、NAT、解密、GlobalProtect 等)
- **audit**:根据 PAN-OS 最佳实践、CIS 基准、零信任审计
- **migrate**:租户间 (TSG) 配置迁移
- **troubleshoot**:诊断 GlobalProtect、策略匹配、隧道、API 问题
- **api**:直接操作 SCM API(认证、增删改查、配置推送)
也可单独安装:prisma-config、prisma-audit、prisma-migrate、prisma-troubleshoot、prisma-api。
元数据
常见问题
Prisma Access All-in-One 是什么?
All-in-one Prisma Access management for Strata Cloud Manager (SCM). Generate configurations, audit against best practices, migrate between tenants, troublesh... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 122 次。
如何安装 Prisma Access All-in-One?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install prisma-access」即可一键安装,无需额外配置。
Prisma Access All-in-One 是免费的吗?
是的,Prisma Access All-in-One 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Prisma Access All-in-One 支持哪些平台?
Prisma Access All-in-One 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Prisma Access All-in-One?
由 H@CKMEN(@leesandao)开发并维护,当前版本 v1.1.0。
推荐 Skills