← 返回 Skills 市场
qwencloud-ops-auth
作者
Cuixiaoyang123
· GitHub ↗
· v0.2.0
· MIT-0
149
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install qwencloud-ops-auth
功能描述
[QwenCloud] Configure authentication (API keys, endpoints). TRIGGER when: setting up QWEN_API_KEY, troubleshooting 401/auth errors, when another skill report...
安全使用建议
This skill appears to be a legitimate QwenCloud auth helper, but there are two things to watch for before installing or allowing it to run autonomously: (1) the registry metadata claims no required environment variables while the SKILL.md clearly uses sensitive credentials (DASHSCOPE_API_KEY and optional OSS keys) — treat that mismatch as a red flag and prefer skills whose registry metadata lists required secrets, and (2) the skill's compatibility instructions include appending registration blocks to agent/project config files; always require explicit user consent before the skill edits any files. Additional steps you can take: review the skill text yourself to confirm it never prints keys (it states this explicitly), restrict the agent from making file edits unless you approve each change, and keep your real API keys out of clipboard/agent prompts (follow the skill's own advice to place placeholders in .env and enter keys manually). If you need higher assurance, ask the skill author to update registry metadata to declare DASHSCOPE_API_KEY (and any OSS creds) as required/primary and to provide a non-modifying instructions-only mode for verification.
功能分析
Type: OpenClaw Skill
Name: qwencloud-ops-auth
Version: 0.2.0
The skill manages QwenCloud authentication but directs users to a non-official domain (qwencloud.com) for API key management instead of the official Alibaba Cloud console (aliyun.com). It also includes 'MANDATORY' post-execution instructions in SKILL.md that prompt the agent to install additional software via npx and execute a script (gossamer.py) not provided in the bundle. These behaviors, along with instructions in references/agent-compatibility.md to modify project configuration files (CLAUDE.md, AGENTS.md), represent significant security risks including potential credential misdirection and unauthorized environment modification.
能力标签
能力评估
Purpose & Capability
The SKILL.md clearly documents QwenCloud authentication flows, required environment variables (DASHSCOPE_API_KEY / QWEN_API_KEY, QWEN_TMP_OSS_*, OSS credentials) and behaviours for key types — all consistent with an auth helper. However, the registry metadata reports no required environment variables or primary credential, which contradicts the skill's own requirements (it effectively requires a Qwen API key and optional OSS credentials to verify/configure). That metadata mismatch is a substantive incoherence: a user would reasonably expect the registry to declare at least DASHSCOPE_API_KEY as required/primary.
Instruction Scope
Runtime instructions are detailed and generally scoped to auth setup (how to create .env placeholders, env var precedence, key-type checks, checking endpoints, and verification via curl). They also include steps to search for agent config files and guidance to append a registration block to agent configs (with 'ask the user before modifying any file'). While these actions are relevant to enabling skill compatibility, they require filesystem access and modifying user config files. The skill forbids outputting keys in plaintext and instructs to never ask users to paste keys — a positive safety posture. Still, the agent is given discretion to create/append config blocks and to detect repo roots which is sensitive and should be confirmed with the user.
Install Mechanism
This is an instruction-only skill with no install spec or downloadable code, so it doesn't write code to disk beyond any user-approved config edits. That lowers install-time risk.
Credentials
The SKILL.md declares multiple sensitive environment variables and credential names (DASHSCOPE_API_KEY, QWEN_TMP_OSS_AK_ID / AK_SECRET, OSS_ACCESS_KEY_ID / SECRET) which are appropriate for configuring QwenCloud + custom OSS, but the registry metadata lists no required env vars or primary credential. This mismatch is problematic because the skill will act on secrets that the registry did not advertise. The guidance to never output keys in plaintext mitigates exfiltration risk, but the skill legitimately needs at least one API key — the absence of that in the declared metadata is an incoherence the user should notice.
Persistence & Privilege
The skill does not request always:true and uses normal autonomous invocation defaults. However, it explicitly includes instructions to append a marker and a skills table into agent/project config files (e.g., CLAUDE.md, ~/.claude/CLAUDE.md, AGENTS.md) to register itself and sibling skills. The SKILL.md says to ask the user before modifying files, which is good, but any automated or mistaken file modification could persist skill registration system-wide. Users should be asked for consent before such edits.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qwencloud-ops-auth - 安装完成后,直接呼叫该 Skill 的名称或使用
/qwencloud-ops-auth触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
qwencloud-ops-auth v0.2.0
- Added official QwenCloud billing, usage, and analytics console URLs for both Standard and Coding Plan keys.
- Clarified that only the specific listed billing/console URLs should ever be provided—no guessing or creating links.
- Instructed users to use the qwencloud-usage skill or official console pages for usage and billing.
- No changes to code or functionality; documentation only.
v0.1.0
qwencloud-ops-auth v0.1.0 — Initial release
- Adds detailed setup instructions for QwenCloud API authentication, supporting both environment variables and `.env` files.
- Enforces security best practices: never output or ask for API keys in plaintext, and always guide users to configure keys securely.
- Describes the priority order for loading credentials and handling different API key types (Standard vs Coding Plan).
- Provides specific troubleshooting steps for 401/authentication errors and guidance on credential verification.
- Includes compatibility notes and references for agents that require manual skill registration.
元数据
常见问题
qwencloud-ops-auth 是什么?
[QwenCloud] Configure authentication (API keys, endpoints). TRIGGER when: setting up QWEN_API_KEY, troubleshooting 401/auth errors, when another skill report... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 149 次。
如何安装 qwencloud-ops-auth?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qwencloud-ops-auth」即可一键安装,无需额外配置。
qwencloud-ops-auth 是免费的吗?
是的,qwencloud-ops-auth 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
qwencloud-ops-auth 支持哪些平台?
qwencloud-ops-auth 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 qwencloud-ops-auth?
由 Cuixiaoyang123(@cuixiaoyang123)开发并维护,当前版本 v0.2.0。
推荐 Skills