← 返回 Skills 市场
leesandao

prisma-migrate

作者 H@CKMEN · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
101
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install prisma-migrate
功能描述
Migrate Prisma Access configurations between different SCM tenants (TSGs). Use when moving security policies, NAT rules, address objects, and other configura...
安全使用建议
This skill appears to implement Prisma Access tenant-to-tenant migration via the official SCM APIs and uses curl/jq — that part is coherent. However, the registry metadata's required env vars (SCM_CLIENT_ID, SCM_CLIENT_SECRET) do not match the SKILL.md and reference docs, which show separate source and destination credentials and TSG IDs (e.g., SRC_SCM_CLIENT_ID, DST_SCM_CLIENT_ID, SRC_SCM_TSG_ID, DST_SCM_TSG_ID). Before installing or running: - Review the SKILL.md and reference/migration-workflow.md fully and ensure you export the exact environment variables the scripts expect (source and target client_id/client_secret and TSG IDs). The registry metadata may be incomplete or outdated. - Use least-privileged service accounts tailored for migration; some APIs (URL/Data/AI profiles) require elevated rights — avoid using broad admin credentials unless necessary. - Test on a non-production tenant first and verify the migration flow (export → transform → import → candidate push) with limited objects. - Keep credentials scoped and rotate them after use; do not reuse long-lived high-privilege credentials. - Because this is instruction-only (runs curl against Palo Alto endpoints), confirm that your environment has curl and jq and that network egress to auth.apps.paloaltonetworks.com and api.sase.paloaltonetworks.com is allowed. - If you need clarity, contact the skill author or inspect any runtime scripts you plan to run to ensure they reference the correct env var names and do not exfiltrate data to third-party endpoints. Given the metadata/instruction mismatch, proceed with caution and correct the environment variable usage before trusting the tool in production.
功能分析
Type: OpenClaw Skill Name: prisma-migrate Version: 1.1.0 The prisma-migrate skill is a legitimate administrative tool for migrating Palo Alto Networks Prisma Access configurations between tenants via the Strata Cloud Manager API. The SKILL.md and migration-workflow.md files provide detailed, technically accurate instructions for handling dependencies, stripping server-generated fields, and managing API authentication using official Palo Alto Networks endpoints (e.g., api.sase.paloaltonetworks.com). The skill includes explicit safety guardrails, such as dry-run defaults and mandatory user confirmation before committing changes, with no evidence of malicious intent or data exfiltration.
能力标签
requires-oauth-token
能力评估
Purpose & Capability
The skill's name, description, and runtime instructions all describe migrating Prisma Access (SCM) configurations via the Palo Alto Networks Strata Cloud Manager API — the declared need for API credentials and curl/jq is consistent with that purpose.
Instruction Scope
The SKILL.md and reference file instruct the agent to perform OAuth token requests and many GET/POST calls against api.sase.paloaltonetworks.com and auth.apps.paloaltonetworks.com, and show example environment variables named SRC_SCM_*/DST_SCM_* and SCM_TSG_ID. However, the skill's declared requirements list only SCM_CLIENT_ID and SCM_CLIENT_SECRET (singular) and no TSG IDs. The runtime instructions therefore reference environment variables that the registry metadata does not declare — an inconsistency that can cause failures or misconfiguration. Apart from that mismatch, the instructions do not direct traffic to unexpected external endpoints or ask to read unrelated system files.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by an installer. It relies on standard CLI tools (curl, jq) which are reasonable for making API calls and processing JSON.
Credentials
Requesting SCM API credentials is appropriate for this migration task, but the declared required env vars (SCM_CLIENT_ID, SCM_CLIENT_SECRET) are insufficient and mismatched vs. the SKILL.md examples (SRC_SCM_CLIENT_ID, SRC_SCM_CLIENT_SECRET, DST_SCM_CLIENT_ID, DST_SCM_CLIENT_SECRET, SRC_SCM_TSG_ID, DST_SCM_TSG_ID). The primaryEnv is set to SCM_CLIENT_ID in metadata, which doesn't reflect that two separate tenant credentials and TSG IDs are needed. This ambiguity increases chance of credential mishandling and operational error. No unrelated credentials are requested.
Persistence & Privilege
The skill is not always-enabled and disable-model-invocation is true (so the model cannot autonomously invoke it). It does not request system config paths or attempt to persist beyond its own runtime instructions.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install prisma-migrate
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /prisma-migrate 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
## v1.1.0 / 迁移兼容性矩阵 ### English Added real-world migration compatibility matrix: what can be migrated directly via SCM API, what requires manual handling. Key findings: Service Account permissions block URL/Data/AI profiles, conflict detection must check all folders, Profile Groups support partial migration. ### 中文 新增实测迁移兼容性矩阵:哪些可直接通过 SCM API 迁移,哪些需要手动处理。关键发现:Service Account 权限限制导致部分高级配置无法导出,冲突检测需覆盖所有 folder,配置组支持部分迁移。
v1.0.1
## v1.0.0 Initial Release / 首次发布 ### English Migrate configurations between Prisma Access tenants (TSGs) via SCM API. **Migration workflow:** 1. Export from source tenant (dependency-ordered: tags → addresses → groups → profiles → policies) 2. Conflict detection (name conflicts, reference conflicts, zone mismatches) 3. Transform and import to target tenant 4. Candidate config validation 5. User-confirmed commit **Safety features:** dry-run by default, no auto-commit, rollback guidance, rate limit respect. ### 中文 通过 SCM API 在 Prisma Access 租户 (TSG) 之间迁移配置。 **迁移流程:** 1. 从源租户导出(按依赖顺序:标签 → 地址 → 组 → 配置文件 → 策略) 2. 冲突检测(名称冲突、引用冲突、区域不匹配) 3. 转换并导入到目标租户 4. 候选配置验证 5. 用户确认后提交 **安全特性:** 默认试运行、不自动提交、提供回滚指导、遵守速率限制。
v1.0.0
Initial release: tenant-to-tenant configuration migration via SCM API
元数据
Slug prisma-migrate
版本 1.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

prisma-migrate 是什么?

Migrate Prisma Access configurations between different SCM tenants (TSGs). Use when moving security policies, NAT rules, address objects, and other configura... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 101 次。

如何安装 prisma-migrate?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install prisma-migrate」即可一键安装,无需额外配置。

prisma-migrate 是免费的吗?

是的,prisma-migrate 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

prisma-migrate 支持哪些平台?

prisma-migrate 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 prisma-migrate?

由 H@CKMEN(@leesandao)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论