ClawHub

ctyun-cli-天翼云-命令行

v1.0.0

天翼云CLI工具 - 企业级命令行工具,帮助您轻松管理天翼云资源。支持ECS、VPC、EBS、ELB、CCE、Redis、监控、账务等11大服务模块,覆盖217+个API,210+个命令。

0· 49·0 current·0 all-time
by@fengyucn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and instructions all describe a CLI for managing 天翼云 (CTYUN). Required binary is ctyun-cli and the SKILL.md gives installation instructions (pip, pipx, from source) and command examples that match the stated capability. No unrelated services or credentials are requested.
Instruction Scope
The SKILL.md is a large set of usage examples and install/config instructions for the CLI; it does not instruct the agent to read arbitrary system files, exfiltrate data to unknown endpoints, or access credentials unrelated to CTYUN. All example commands are what you'd expect for a cloud CLI.
Install Mechanism
No install spec is embedded in the skill (instruction-only). The SKILL.md recommends installing from PyPI, pipx, or GitHub — well-known sources and standard mechanisms. No download-from-untrusted-URL or opaque extract steps are present.
Credentials
The documentation tells users how to supply CTYUN_ACCESS_KEY and CTYUN_SECRET_KEY, which is appropriate for a cloud CLI. This is expected, but users should consider using least-privilege credentials and avoid committing long-lived secrets to shell startup files without understanding the risk.
Persistence & Privilege
Skill is not always-enabled (always: false) and is user-invocable. It does not request persistent system privileges, modify other skills, or claim the ability to auto-enable itself.
Assessment
This skill appears to be a straightforward wrapper/guide for the third‑party ctyun-cli. Before installing or supplying credentials: (1) verify the PyPI package owner and GitHub repository are legitimate and maintained (watch for typosquatting); (2) prefer pipx or a virtualenv to isolate the tool; (3) create and use least-privilege API keys or temporary credentials rather than full-root keys; (4) avoid pasting secrets into shared files or git-tracked files — if you add creds to ~/.bashrc, understand the tradeoffs; (5) inspect the package source (or the wheel) if you need stronger assurance; and (6) pin versions and check package hashes when deploying in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vek7jggccxj3frkjz2abes83rmr9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
Binsctyun-cli

Comments