ClawHub

Alibaba Cloud Model Setup

v0.1.4

Configure OpenClaw to use Alibaba Cloud Bailian provider (Pay-As-You-Go or Coding Plan) through a strict interactive flow. Supports 5 site options and flagsh...

1· 1.7k·2 current·2 all-time
by@extraterrest
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe adding/switching an Alibaba (Bailian) provider; included files (SKILL.md, reference doc, and a Python script) implement exactly that: listing models, selecting site/plan, validating an API key, backing up and writing OpenClaw JSON, and optionally persisting an env var. No unrelated credentials, services, or binaries are requested.
Instruction Scope
SKILL.md and the script explicitly read and write OpenClaw-style config files (~/.openclaw/openclaw.json and fallbacks), validate keys against Bailian endpoints, and offer non-interactive flags. They also include operations beyond simple JSON editing: writing export lines to shell profile and writing systemd user overrides plus restarting a user service. Those extra actions are coherent for making environment variables persistent, but they modify shell/systemd files and restart services and therefore warrant explicit user approval before running with persistence flags.
Install Mechanism
Instruction-only skill with no install spec; the only executable shipped is a Python script. No network download/install of third-party code is performed by the skill itself (other than contacting Bailian endpoints for validation), so install risk is low.
Credentials
The skill does not declare required env vars up front (metadata lists none) but the script prompts for an API key and supports storing it inline or in an environment variable (default DASHSCOPE_API_KEY). Requesting an API key is appropriate for this purpose, but users should note the script can persist that secret into shell profiles or systemd units if persistence flags are used.
Persistence & Privilege
always:false (normal). The script can make persistent system changes (append export to shell profile, write systemd user overrides, and restart a user service). This is consistent with wanting the provider key available to a running openclaw service, but it has side effects on the user environment and services that should be consciously authorized.
Assessment
This skill appears to do what it says: add or update a 'bailian' provider in your OpenClaw config. Before running it: (1) review scripts/alibaba_cloud_model_setup.py yourself to confirm behavior (it will back up and overwrite your OpenClaw JSON), (2) avoid using the '--persist-env-shell' or '--persist-env-systemd' flags unless you want the API key written into your shell profile or systemd user config and are comfortable with the script restarting the openclaw user service, (3) prefer environment-variable mode over inline storage for secrets, and (4) keep a copy of the backup file created by the script so you can restore if needed. If you are unsure, run the script with --list-models or --non-interactive (no-write) first to inspect outputs without changing files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97751j28jx84g6vamywkm43jn824whk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments