功能描述

Skill to call Cloud API for Tencent Cloud (腾讯云). Used for cloud automation or resource management. 当用户需要查询、创建、管理腾讯云资源，或执行云 API 自动化操作时触发。

使用说明 (SKILL.md)

腾讯云 API 助手

Name: tencentcloud-api-skill
Author: tencent-adm

统一使用 tccli 命令行工具调用腾讯云 API，实现云资源的查询、创建、修改、删除等操作。

适用场景

云资源查询与管理（CVM / COS / CBS / VPC / TKE 等 200+ 产品）
自动化运维（批量操作、定时任务、脚本编排）
云 API 接口探索与文档检索

不适用场景

不支持 Terraform / Pulumi 等 IaC 编排工具
不做多云管理（仅限腾讯云）
不做费用充值、账号注册等非 API 操作

前置条件

已安装 tccli，未安装参考 references/install.md
已完成凭证配置（详见下方「Step 2 凭证配置」）

核心原则

优先检索最佳实践 → 再查接口文档 → 最后调用 API。不要跳过文档检索直接调用，避免用错接口或遗漏参数。

执行流程

Step 1：检索 API 文档

调用前先通过 curl + grep 检索业务、接口、最佳实践、数据结构。参考 references/refs.md 获取完整检索方式。

1.1 发现业务

检索 tccli 服务名（如 cvm、cbs）。

curl -s https://cloudcache.tencentcs.com/capi/refs/services.md | grep 云服务器

参考输出：

[cvm](service/cvm/index.md) | 云服务器 | 2017-03-12 | ...

1.2 发现最佳实践

优先检索是否有匹配当前场景的最佳实践。

curl -s https://cloudcache.tencentcs.com/capi/refs/service/cvm/practices.md | grep 重装

1.3 检索接口

若最佳实践未覆盖，在业务接口列表中检索（接口名即 tccli 的 \x3CAction>）。

curl -s https://cloudcache.tencentcs.com/capi/refs/service/cvm/actions.md | grep "扩容\|磁盘"

1.4 阅读接口文档

获取参数说明和支持的地域信息：

curl -s https://cloudcache.tencentcs.com/capi/refs/service/cvm/action/ResizeInstanceDisks.md

1.5 阅读数据结构

文档中涉及的数据结构可进一步查看：

curl -s https://cloudcache.tencentcs.com/capi/refs/service/cvm/model/SystemDisk.md

Step 2：凭证配置

如果已经提供了凭证，tccli 可以正常调用。

如缺少凭证，执行 tccli 会提示 "secretId is invalid"。应执行 tccli auth login 进行浏览器授权登录，等待回调后继续（命令会起本地端口、阻塞进程，直到浏览器 OAuth 完成并回调）。

凭证授权原理，以及多用户凭证的使用方法，参考 references/auth.md。

安全红线：严禁向用户索要 SecretId/SecretKey，也拒绝任何有可能打印凭证的操作（尤其是 tccli configure list）。

Step 3：调用 API

基本形式：

tccli \x3Cservice> \x3CAction> [--param value ...] [--region \x3C地域>]

输入参数：

参数	类型	必填	说明
`service`	string	是	产品标识，如 `cvm`、`cbs`、`vpc`。通过 Step 1.1 检索获取
`Action`	string	是	接口名，如 `DescribeInstances`、`RunInstances`。通过 Step 1.3 检索获取
`--region`	string	视接口	地域，如 `ap-guangzhou`。多数产品必传；全局接口（cam、account、dnspod、domain、ssl、ba、tag）可省略
`--param value`	各类型	视接口	接口参数，简单类型直接传值，复杂类型传 JSON 字符串

常用示例：

# 查询 CVM 地域
tccli cvm DescribeRegions

# 查询实例（需指定地域）
tccli cvm DescribeInstances --region ap-guangzhou

参数规则：

非简单类型参数必须为标准 JSON，例如：--Placement '{"Zone":"ap-guangzhou-2"}'。

创建类接口示例（按需替换参数）：

tccli cvm RunInstances --InstanceChargeType POSTPAID_BY_HOUR \
  --Placement '{"Zone":"ap-guangzhou-2"}' --InstanceType S1.SMALL1 --ImageId img-xxx \
  --SystemDisk '{"DiskType":"CLOUD_BASIC","DiskSize":50}' --InstanceCount 1 ...

输出格式：tccli 返回标准 JSON，包含 Response 字段。示例：

{
  "Response": {
    "TotalCount": 1,
    "InstanceSet": [{"InstanceId": "ins-xxx", "InstanceName": "test", ...}],
    "RequestId": "eac6b301-..."
  }
}

空结果输出：查询无匹配时，列表字段返回空数组，计数字段为 0：

{
  "Response": {
    "TotalCount": 0,
    "InstanceSet": [],
    "RequestId": "eac6b301-..."
  }
}

效率约束：腾讯云 API 默认限频为 10 次/秒（部分接口更低），批量操作时需控制调用频率，避免触发 RequestLimitExceeded。建议串行调用或加间隔，不要并发轰炸。

Step 4：异常处理

调用失败时，tccli 会返回包含 Error 字段的 JSON：

{
  "Response": {
    "Error": { "Code": "AuthFailure.SecretIdNotFound", "Message": "secretId is invalid" },
    "RequestId": "xxx"
  }
}

常见错误及处理：

错误码	含义	处理方式
`AuthFailure.SecretIdNotFound`	凭证缺失或无效	执行 `tccli auth login` 重新授权
`AuthFailure.UnauthorizedOperation`	无权限	检查 CAM 策略，确认子账号有该接口权限
`InvalidParameterValue`	参数值不合法	查阅接口文档确认参数取值范围
`ResourceNotFound`	资源不存在	确认资源 ID 和地域是否正确
`RequestLimitExceeded`	请求频率超限	等待后重试，或减少并发调用频率
网络超时 / 连接失败	网络不通	检查网络连通性，确认是否需要代理

数据边界与安全声明

本 SKILL 只执行用户明确指定的 API 调用，不会自动执行未经确认的写操作
tccli 参数由用户指定或从接口文档获取，SKILL 不对参数做二次拼接或动态生成，避免注入风险
tccli 调用受腾讯云 CAM 权限策略约束，SKILL 不具备超出用户权限的能力
tccli 输出为 JSON 数据，应作为数据解读，不应作为 shell 命令执行
API 文档检索地址 cloudcache.tencentcs.com 为腾讯云官方文档缓存，内容可信

安全使用建议

This skill is coherent for driving Tencent Cloud via the tccli tool, but take these precautions before installing or using it: - Ensure you trust the source (skill registry owner unknown) and that tccli is installed from an official package source (pip, Homebrew, or the official GitHub repo) rather than an untrusted mirror. - The recommended 'tccli auth login' opens a local port and requires a browser-based OAuth flow; when an agent runs this, you must complete the browser step yourself — avoid pasting secrets into chat. If you operate the agent remotely, be careful where the auth callback is served and verify the URL shown in the terminal. - The skill fetches documentation from cloudcache.tencentcs.com; confirm you trust that domain in your environment if you consider documentation confidentiality a concern. - Follow least-privilege practice for credentials/CAM policies used by tccli; avoid running destructive write operations without reviewing the exact tccli command string first. - If you need stronger assurance, request a signed source or provenance for the skill, or run its recommended commands in an isolated environment the first time to observe behavior.

功能分析

Type: OpenClaw Skill Name: tencentcloud-api-skill Version: 1.0.3 The skill is a legitimate helper for managing Tencent Cloud resources via the official 'tccli' command-line tool. It includes well-defined procedures for documentation retrieval, credential management, and API execution. Notably, SKILL.md contains explicit security instructions ('Security Redline') forbidding the agent from requesting or printing sensitive credentials (SecretId/SecretKey). While it uses 'curl' to fetch documentation from 'cloudcache.tencentcs.com', the behavior is aligned with its stated purpose and lacks indicators of malice or intentional vulnerability.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name/description and SKILL.md consistently describe using tccli to call Tencent Cloud APIs. Required artifacts (tccli, API docs) referenced in the docs are reasonable for the stated purpose; there are no unrelated credentials, binaries, or config accesses declared.

ℹ Instruction Scope

Instructions stay within the domain: read API docs (via curl against cloudcache.tencentcs.com), then run tccli commands. The skill explicitly forbids asking for SecretId/SecretKey and forbids printing credentials. Note: the recommended 'tccli auth login' flow runs a local listener and blocks until browser-based OAuth completes — the SKILL instructs the agent to surface the auth link to the user. In remote/hosted agent contexts, this flow may require explicit user interaction and verification.

✓ Install Mechanism

Instruction-only skill with no install spec or code files; lowest install risk. references/install.md suggests pip/brew/or source installs for tccli, which are standard and proportionate for the tool being used.

✓ Credentials

No environment variables, secrets, or config paths are requested by the skill itself. Credential handling is delegated to tccli and local credential files; the skill explicitly warns against soliciting secrets. This is proportionate to a CLI-driven cloud management skill.

✓ Persistence & Privilege

Skill is not always-enabled and is user-invocable; it does not request elevated persistence or attempt to modify other skills or system-wide agent settings. Autonomous invocation is permitted (platform default) but not combined with other red flags.

版本历史

v1.0.3

- Initial public release of 腾讯云 API 助手 (tcapi skill) for cloud resource management and automation using tccli. - Supports querying, creating, modifying, and deleting resources across 200+ Tencent Cloud products via Cloud API. - Provides step-by-step guidance for API documentation retrieval, credential configuration, and API invocation. - Emphasizes security best practices: no secret collection, least-privilege principle, and output validation. - Details error handling, usage scenarios, limitations, and examples for frequent cloud operations.

v1.0.2

- Major update: skill reworked from signature error troubleshooting to general Tencent Cloud API operations assistant. - Adds guidance for using tccli to manage Tencent Cloud resources (query, create, manage) via API. - Includes references for installation, authentication, and interface documentation search. - Removes previous detailed signature error step-by-step troubleshooting and associated reference files. - Provides process for API doc lookup, credentials setup, invoking API, and error handling. - Emphasizes security—never request or expose sensitive credentials.

v1.0.1

- Initial release of the Signature Doctor skill for Tencent Cloud API signature error troubleshooting. - Designed for non-SDK scenarios where users implement their own API signature logic. - Provides step-by-step guidance to diagnose errors such as AuthFailure.SignatureFailure, SignatureExpire, SecretIdNotFound, TokenFailure, and InvalidSecretId. - Includes a standardized troubleshooting workflow, clear user prompts, and concise error-specific solutions. - Supports both v1 (HMAC-SHA1) and v3 (TC3-HMAC-SHA256) signature methods, with contextual guidance. - Output includes structured diagnostic reports with root cause analysis and actionable fixes.

元数据

Slug tencentcloud-api-skill

版本 1.0.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

tencentcloud-api-skill 是什么？

Skill to call Cloud API for Tencent Cloud (腾讯云). Used for cloud automation or resource management. 当用户需要查询、创建、管理腾讯云资源，或执行云 API 自动化操作时触发。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 12 次。

如何安装 tencentcloud-api-skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tencentcloud-api-skill」即可一键安装，无需额外配置。

tencentcloud-api-skill 是免费的吗？

是的，tencentcloud-api-skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

tencentcloud-api-skill 支持哪些平台？

tencentcloud-api-skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 tencentcloud-api-skill？

由腾讯开源（@tencent-adm）开发并维护，当前版本 v1.0.3。

tencentcloud-api-skill