Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aliyun Devops Manage

v1.0.0

Use when managing Alibaba Cloud DevOps (Yunxiao 2020) via OpenAPI/SDK, including project/repository/pipeline resource discovery, read-only inspection, and sa...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, SKILL.md, and included scripts align: they implement DevOps API discovery and read-only listing of projects/repositories/pipelines via Alibaba Cloud SDK. However, the registry metadata declares no required environment variables or primary credential while the scripts and SKILL.md clearly expect Alibaba Cloud access keys (ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET and optional token/region). This mismatch is likely an omission but is relevant to install-time trust decisions.
Instruction Scope (flagged)
SKILL.md instructs the agent/operator to install Python SDKs and to prefer environment credentials, and the scripts read environment variables and write artifacts under output/aliyun-devops-manage/. The instructions do not attempt to access unrelated system files, network endpoints other than api.aliyun.com, or exfiltrate data to private endpoints — that's appropriate. The concern is that instructions reference environment variables and credential lookup behaviors that were not declared in the skill metadata, meaning an agent/platform cannot automatically surface the credential requirement to users.
Install Mechanism
This is an instruction-only skill (no install spec). It includes Python scripts and asks the user to install official-sounding PyPI packages (alibabacloud_devops20210625, alibabacloud_tea_openapi). There are no downloads from arbitrary URLs, no archive extraction, and network calls in code target official api.aliyun.com — install mechanism risk is low/expected.
Credentials (flagged)
The runtime code requires Alibaba Cloud credentials and optionally a security token and region (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, ALICLOUD_SECURITY_TOKEN, ALICLOUD_REGION_ID) which are appropriate for the stated purpose. The problem is the skill registry metadata did not declare these required environment variables or a primary credential, so the platform/user may not be warned that secrets are needed. The scripts also accept alternate env var names (ALIBABA_CLOUD_*) which expands credential lookup surface — expected but worth noting.
Persistence & Privilege
The skill is not always-enabled and does not request persistent elevated privileges. It only writes to its own output/aliyun-devops-manage/ directory per SKILL.md; it does not modify other skills or system-wide configurations. Autonomous invocation is allowed (platform default) but not in itself a red flag here.
What to consider before installing
This skill appears to actually do what it says (read-only discovery of Alibaba Cloud DevOps resources), but the registry metadata omits the fact that the scripts require Alibaba Cloud access keys and an optional token/region. Before installing:

  1. Treat this as needing valid ALICLOUD_ACCESS_KEY_ID and ALICLOUD_ACCESS_KEY_SECRET; only provide least-privilege (read-only) credentials scoped to the target account/organization.
  2. Review the included scripts locally (they are short) and run them in an isolated environment (Python venv) after inspecting the pip package names.
  3. Confirm you trust the skill owner since the skill will make API calls to api.aliyun.com and will write outputs to output/aliyun-devops-manage/.
  4. Ask the publisher to update the skill metadata to declare the required environment variables/primary credential so the platform can surface that requirement.

If you cannot verify the owner or cannot supply scoped read-only keys, do not enable the skill.
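One way to check the mismatch the scan reports, as an added example (not code from the skill or from ClawHub): parse a script with Python's ast module, collect every environment variable it reads, and compare that set with what the metadata declares. The sample script, the ALIBABA_CLOUD_ACCESS_KEY_ID name and the helper names env_vars_read and undeclared are constructed for illustration.

```python
import ast

# Constructed sample shaped like the lookup the scan describes (ALICLOUD_* first,
# an ALIBABA_CLOUD_* alternate). It is not the skill's actual script.
SAMPLE_SCRIPT = '''
import os
ak = os.getenv("ALICLOUD_ACCESS_KEY_ID") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
sk = os.environ.get("ALICLOUD_ACCESS_KEY_SECRET")
token = os.environ.get("ALICLOUD_SECURITY_TOKEN", "")
region = os.environ["ALICLOUD_REGION_ID"]
'''

def _is_os_environ(node):
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")

def _name_of(node):
    """Literal variable name, or a marker when the name is computed at runtime."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return "<dynamic>"

def env_vars_read(source):
    """Names read via os.getenv(), os.environ.get() and os.environ[...] (Python 3.9+ AST)."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.args:
            func = node.func
            is_getenv = (func.attr == "getenv" and isinstance(func.value, ast.Name)
                         and func.value.id == "os")
            is_environ_get = func.attr == "get" and _is_os_environ(func.value)
            if is_getenv or is_environ_get:
                names.add(_name_of(node.args[0]))
        elif (isinstance(node, ast.Subscript) and isinstance(node.ctx, ast.Load)
              and _is_os_environ(node.value)):
            names.add(_name_of(node.slice))
    return names

def undeclared(source, declared):
    """Variables the code reads that the registry metadata does not declare."""
    return sorted(env_vars_read(source) - set(declared))

if __name__ == "__main__":
    # The page says the metadata declares no environment variables at all.
    for name in undeclared(SAMPLE_SCRIPT, declared=[]):
        print("undeclared:", name)
```

A "<dynamic>" entry means the variable name is computed at runtime and needs a manual read of the script; lookups through `from os import environ` are not covered by this sketch.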

Like a lobster shell, security has layers — review code before you run it.


SKILL.md

Category: service

Alibaba Cloud DevOps (Yunxiao)

Purpose

Use Alibaba Cloud DevOps OpenAPI to support:

  • project, repository, and pipeline inventory
  • work item and test resource inspection
  • release and execution status checks
  • metadata-driven API discovery before production changes

Prerequisites

  • Configure least-privilege Alibaba Cloud credentials.
  • Install Python SDK dependencies for local scripts:
    python3 -m venv .venv
    . .venv/bin/activate
    python -m pip install -U alibabacloud_devops20210625 alibabacloud_tea_openapi
  • Prefer environment variables:
    • ALICLOUD_ACCESS_KEY_ID
    • ALICLOUD_ACCESS_KEY_SECRET
    • optional ALICLOUD_REGION_ID

AccessKey Priority

  1. Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID
  2. Shared credentials file: ~/.alibabacloud/credentials

If region/environment is unclear, confirm with user before mutating operations.

Workflow

  1. Confirm target organization/project scope and change window.
  2. Run API discovery and confirm exact API names and required parameters.
  3. Execute read-only APIs first (List* / Get* / Query*).
  4. Run mutating APIs only after rollback and owner confirmation.
  5. Save outputs and evidence to output/aliyun-devops-manage/.

API Discovery

  • Product code: devops
  • Default API version: 2021-06-25
  • Metadata source: https://api.aliyun.com/meta/v1/products/devops/versions/2021-06-25/api-docs.json

Minimal Executable Quickstart

python skills/platform/devops/aliyun-devops-manage/scripts/list_openapi_meta_apis.py

Optional arguments:

python skills/platform/devops/aliyun-devops-manage/scripts/list_openapi_meta_apis.py \
  --product-code devops \
  --version 2021-06-25 \
  --output-dir output/aliyun-devops-manage

List projects (read-only):

python skills/platform/devops/aliyun-devops-manage/scripts/list_projects.py \
  --organization-id <organization-id> \
  --region cn-hangzhou \
  --max-results 20 \
  --output output/aliyun-devops-manage/projects.txt

List repositories (read-only):

python skills/platform/devops/aliyun-devops-manage/scripts/list_repositories.py \
  --organization-id <organization-id> \
  --region cn-hangzhou \
  --page 1 \
  --per-page 20 \
  --output output/aliyun-devops-manage/repositories.txt

List pipelines (read-only):

python skills/platform/devops/aliyun-devops-manage/scripts/list_pipelines.py \
  --organization-id <organization-id> \
  --region cn-hangzhou \
  --max-results 20 \
  --output output/aliyun-devops-manage/pipelines.txt

Common Operation Map

  • Project and membership: CreateProject, GetProject, ListProjectMembers, UpdateProject
  • Code repository: CreateRepository, GetRepository, ListRepositories, CreateMergeRequest
  • Pipeline and release: CreatePipeline, GetPipeline, ListPipelines, RunPipeline
  • Work items and test: CreateWorkitem, GetWorkitemDetail, ListTestCase, CreateTestCase

See references/api_quick_map.md for grouped APIs.
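Workflow steps 3 and 4 applied to the operation names listed above, as an added example (not part of the skill): a name-based gate that lets List* / Get* / Query* calls through and fails closed on everything else unless rollback and owner confirmation are both recorded. The function names is_read_only, authorize and plan are hypothetical.

```python
import re

# Read-only verbs from workflow step 3 (List* / Get* / Query*).
READ_ONLY_VERBS = ("List", "Get", "Query")

# Operation names copied from the Common Operation Map on this page.
OPERATION_MAP = [
    "CreateProject", "GetProject", "ListProjectMembers", "UpdateProject",
    "CreateRepository", "GetRepository", "ListRepositories", "CreateMergeRequest",
    "CreatePipeline", "GetPipeline", "ListPipelines", "RunPipeline",
    "CreateWorkitem", "GetWorkitemDetail", "ListTestCase", "CreateTestCase",
]

_API_NAME = re.compile(r"[A-Z][A-Za-z0-9]*")

def is_read_only(api_name):
    """True only when a read-only verb is followed by a new CamelCase word.
    Anything else, including unknown verbs, is treated as mutating (fail closed)."""
    if not _API_NAME.fullmatch(api_name):
        return False
    for verb in READ_ONLY_VERBS:
        rest = api_name[len(verb):]
        if api_name.startswith(verb) and rest[:1].isupper():
            return True
    return False

def authorize(api_name, rollback_ready=False, owner_confirmed=False):
    """Steps 3 and 4: read-only calls pass; mutating calls need both confirmations."""
    if is_read_only(api_name):
        return "allow"
    if _API_NAME.fullmatch(api_name) and rollback_ready and owner_confirmed:
        return "allow"
    return "deny"

def plan(api_names):
    """Order a batch so read-only calls run before mutating ones (stable sort)."""
    return sorted(api_names, key=lambda name: not is_read_only(name))

if __name__ == "__main__":
    for name in plan(OPERATION_MAP):
        print(f"{authorize(name):5}  {name}")
```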

Script Catalog

  • scripts/list_openapi_meta_apis.py: fetch metadata and generate API inventory files.
  • scripts/list_projects.py: list projects in one organization.
  • scripts/list_repositories.py: list repositories in one organization.
  • scripts/list_pipelines.py: list pipelines in one organization.

Validation

mkdir -p output/aliyun-devops-manage
for f in skills/platform/devops/aliyun-devops-manage/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-devops-manage/validate.txt

Pass criteria: command exits 0 and output/aliyun-devops-manage/validate.txt is generated.

Output And Evidence

  • Save artifacts, command outputs, and API response summaries under output/aliyun-devops-manage/.
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.

References

  • Source list: references/sources.md
  • API quick map: references/api_quick_map.md
  • Operation templates: references/templates.md

Files

10 total