Alibaba Cloud DMS Database Read/Write Skill. Use this skill to search for target databases in DMS and execute SQL queries and data modifications.
Triggers: "DMS query", "database query", "execute SQL", "search database", "DMS SQL", "insert data", "update data".
Search for target databases and execute SQL queries and data modifications via Alibaba Cloud DMS OpenAPI.
Scenario Description
This skill implements the following workflow:
Search Target Database — Search databases by keyword to get Database ID
Execute SQL Query — Execute SQL statements on the target database
Architecture
text
User Request → Search Database → Get Database ID → Execute SQL → Return Results
Prerequisites
AI-Mode Lifecycle (MUST follow in order)
This skill MUST run inside an AI-Mode session. Treat the following five steps as a strict lifecycle — do not skip, reorder, or interleave the setup steps with command execution:
Steps 1–3 belong to setup (this section). Step 4 is covered by Core Workflow. Step 5 is covered by Cleanup.
Pre-checks
Pre-check 0: Aliyun CLI >= 3.3.3 required
Run aliyun version to verify >= 3.3.3. If not installed or version too low,
run curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash to install/update,
or see references/cli-installation-guide.md for installation instructions.
Pre-check 1: Enable AI-Mode
[MUST] run aliyun configure ai-mode enable to enable AI-Mode before any other configuration or command.
This activates the AI-Mode session that downstream OpenAPI services use to recognize agent-issued traffic.
Pre-check 2: Register skill User-Agent under AI-Mode
[MUST] run aliyun configure ai-mode set-user-agent AlibabaCloud-Agent-Skills/alibabacloud-dms-skill
to register this skill's identifier as the AI-Mode User-Agent for the current session.
Run this immediately after ai-mode enable and before any plugin update or DMS command.
Pre-check 3: Aliyun CLI plugin update required
[MUST] run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.
[MUST] run aliyun plugin update to ensure that any existing plugins are always up-to-date.
Plugin update MUST happen AFTER AI-Mode is enabled and the User-Agent is registered, so the plugin manager itself reports the correct identifier.
Aliyun CLI >= 3.3.3
jq (for JSON parsing): brew install jq
Credentials configured via aliyun configure
Pre-check 4: Alibaba Cloud Credentials Required
Security Rules:
NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
NEVER ask the user to input AK/SK directly in the conversation or command line
NEVER use aliyun configure set with literal credential values
ONLY use aliyun configure list to check credential status
bash
aliyun configure list
Check the output for a valid profile (AK, STS, or OAuth identity).
Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
Return and re-run after aliyun configure list shows a valid profile
[MUST] Per-command CLI User-Agent — In addition to the AI-Mode User-Agent registered in Pre-check 2,
every aliyun CLI command invocation in step 4 MUST also include:
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-dms-skill
The per-command flag and the AI-Mode session-level setting are complementary — both MUST be present so the identifier is sent on every request even if the AI-Mode session expires.
RAM Permissions
[MUST] RAM Permission Pre-check: Verify that the current user has the following RAM permissions before execution.
See references/ram-policies.md for the complete permission list.
Parameter Confirmation
IMPORTANT: Parameter Confirmation — Before executing any command or API call,
ALL user-customizable parameters (e.g., database keyword, SQL statement, db-id, etc.)
MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.
This skill performs read and write operations but does not create persistent resources, so no database resources need to be released.
However, the AI-Mode lifecycle requires an explicit teardown step:
[MUST] Disable AI-Mode after all tasks complete
Run aliyun configure ai-mode disable once all DMS commands in this skill session have finished
(success or failure). This terminates the AI-Mode session and prevents the registered
AlibabaCloud-Agent-Skills/alibabacloud-dms-skill User-Agent from leaking into subsequent unrelated CLI usage.
bash
aliyun configure ai-mode disable
Write Operation Safety
Operation Type
Behavior
SELECT / SHOW / DESC
Execute directly
INSERT / UPDATE / DELETE
Require --force or --dry-run
DROP / TRUNCATE / ALTER / RENAME
Blocked — use DMS Console
Available Scripts
Script
Description
scripts/search_database.sh
Search databases by keyword
scripts/execute_query.sh
Execute SQL queries
Note: Scripts use aliyun-cli credentials configured via aliyun configure.
Best Practices
Confirm database — Verify the target database before executing SQL
Use --json parameter — Facilitates programmatic processing of output
Preview write operations — Always use --dry-run first for INSERT/UPDATE/DELETE
Explicit confirmation — Use --force only after reviewing the preview
Avoid DDL operations — DROP/TRUNCATE/ALTER/RENAME are blocked; use DMS Console instead