Aliyun Swas Manage
v1.0.0Use when managing Alibaba Cloud Simple Application Server (SWAS OpenAPI 2020-06-01) resources end-to-end, including querying instances, starting/stopping/reb...
⭐ 0· 8·0 current·0 all-time
MIT-0
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description match the included code and references (SWAS OpenAPI operations and Cloud Assistant). However the skill does not declare any required environment variables or primary credential while the instructions and all scripts clearly expect Alibaba Cloud credentials (ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional security token and region). This mismatch is a meaningful incoherence: a cloud-management skill legitimately needs those credentials but the registry metadata does not list them.
Instruction Scope
SKILL.md and the scripts instruct the agent to perform read and mutating operations via the SWAS RunCommand API (including restarting SSH, modifying /etc/ssh/sshd_config, inserting authorized_keys). The fix_ssh_access script reads a local public key file (~/.ssh/id_ed25519.pub) and embeds its contents into a remote command — that is an explicit local file read and will transmit that content to the instance via the cloud API. The runtime instructions expect mutating actions and require confirmation of region/instance IDs, but they also default behaviors (e.g., default pubkey path) that may be surprising. The instructions reference environment variables that are not declared in metadata.
Install Mechanism
There is no install spec (instruction-only), which reduces installer risk. However the SKILL.md recommends installing Python packages (alibabacloud_swas_open20200601, alibabacloud_tea_openapi, alibabacloud_credentials) and the scripts require those SDKs at runtime. The registry metadata does not declare or install these dependencies automatically — users must run pip in a venv themselves. This is expected but worth calling out.
Credentials
The scripts and SKILL.md expect full Alibaba Cloud API credentials (AK/SK and optionally temporary security token) and an optional region env var. Those are high-sensitivity credentials appropriate for the stated cloud-management purpose — but the skill's metadata declares no required env vars or primary credential. Additionally, the skill reads a local file (~/.ssh/id_ed25519.pub) by default; while a public SSH key is not secret, reading local files is outside the cloud API domain and may be unexpected. The lack of declared credentials in metadata prevents the platform/user from making an informed grant decision.
Persistence & Privilege
The skill does not request always:true and does not persist or modify other skills or system-wide agent settings. It is user-invocable and allows model invocation (normal). No elevated platform persistence behavior was observed.
What to consider before installing
Before installing or running this skill, consider the following: (1) the skill requires Alibaba Cloud API credentials (AK/SK, optional security token) and a region to operate, but the registry metadata does not declare them — you will need to provide credentials manually; only grant least-privilege RAM permissions needed for the operations you intend to run. (2) Several scripts perform mutating actions (Restarting sshd, modifying /etc/ssh/sshd_config, changing authorized_keys) — these can lock you out or change instance behavior; review and test in a non-production instance first and confirm target instance IDs and region before running. (3) fix_ssh_access reads your local public key (~/.ssh/id_ed25519.pub) by default and embeds it into a remote command; if you don't want any local files read or transmitted, supply an alternate pubkey or edit the script. (4) The package dependencies (Alibaba Cloud Python SDKs) are not installed automatically; run the recommended pip install in a virtual environment and verify versions. (5) There are minor inconsistencies in the SKILL.md output/validation paths (output/compute-swas-open vs output/aliyun-swas-manage) — check the workflow artifacts and adjust paths if you rely on the validate step. If you accept these issues, manually inspect the scripts and run only read-only queries first to confirm behavior.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Category: service
Simple Application Server (SWAS-OPEN 2020-06-01)
Use SWAS-OPEN OpenAPI to manage full SAS resources: instances, disks, snapshots, images, key pairs, firewall, Cloud Assistant, monitoring, tags, and lightweight databases.
Prerequisites
- Prepare AccessKey with least-privilege RAM user/role.
- Choose correct region and matching endpoint (public/VPC).
ALICLOUD_REGION_IDcan be used as default region; if unset choose the most reasonable region, ask user if unclear. - This OpenAPI uses RPC signing; prefer Python SDK or OpenAPI Explorer instead of manual signing.
SDK Priority
- Python SDK (preferred)
- OpenAPI Explorer
- Other SDKs
Python SDK quick query (instance ID / IP / plan)
Virtual environment is recommended (avoid PEP 668 system install restrictions).
python3 -m venv .venv
. .venv/bin/activate
python -m pip install alibabacloud_swas_open20200601 alibabacloud_tea_openapi alibabacloud_credentials
import os
from alibabacloud_swas_open20200601.client import Client as SwasClient
from alibabacloud_swas_open20200601 import models as swas_models
from alibabacloud_tea_openapi import models as open_api_models
def create_client(region_id: str) -> SwasClient:
config = open_api_models.Config(
region_id=region_id,
endpoint=f"swas.{region_id}.aliyuncs.com",
)
ak = os.getenv("ALICLOUD_ACCESS_KEY_ID") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
sk = os.getenv("ALICLOUD_ACCESS_KEY_SECRET") or os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
if ak and sk:
config.access_key_id = ak
config.access_key_secret = sk
return SwasClient(config)
def list_regions():
client = create_client("cn-hangzhou")
resp = client.list_regions(swas_models.ListRegionsRequest())
return [r.region_id for r in resp.body.regions]
def list_instances(region_id: str):
client = create_client(region_id)
resp = client.list_instances(swas_models.ListInstancesRequest(region_id=region_id))
return resp.body.instances
def main():
for region_id in list_regions():
for inst in list_instances(region_id):
ip = getattr(inst, "public_ip_address", None) or getattr(inst, "inner_ip_address", None)
spec = getattr(inst, "plan_name", None) or getattr(inst, "plan_id", None)
print(inst.instance_id, ip or "-", spec or "-", region_id)
if __name__ == "__main__":
main()
Python SDK scripts (recommended for inventory and summary)
- All-region instance inventory (TSV/JSON):
scripts/list_instances_all_regions.py - Count instances by plan:
scripts/summary_instances_by_plan.py - Count instances by status:
scripts/summary_instances_by_status.py - Fix SSH key-based access (custom port supported):
scripts/fix_ssh_access.py - Get current SSH port of an instance:
scripts/get_ssh_port.py
CLI Notes
aliyunCLI may not exposeswas-openas product name; prefer Python SDK. If CLI is mandatory, generate request examples in OpenAPI Explorer first, then migrate to CLI.
Workflow
- Confirm resource type and region (instance/disk/snapshot/image/firewall/command/database/tag).
- Identify API group and operation in
references/api_overview.md. - Choose invocation method (Python SDK / OpenAPI Explorer / other SDK).
- After mutations, verify state/results with query APIs.
Common Operation Map
- Instance query/start/stop/reboot:
ListInstances、StartInstance(s)、StopInstance(s)、RebootInstance(s) - Command execution:
RunCommandorCreateCommand+InvokeCommand; useDescribeInvocations/DescribeInvocationResult - Firewall:
ListFirewallRules/CreateFirewallRule(s)/ModifyFirewallRule/EnableFirewallRule/DisableFirewallRule - Snapshot/disk/image:
CreateSnapshot、ResetDisk、CreateCustomImageetc.
Cloud Assistant Execution Notes
- Target instance must be in Running state.
- Cloud Assistant agent must be installed (use
InstallCloudAssistant). - For PowerShell commands, ensure required modules are available on Windows instances.
- After execution, use
DescribeInvocationsorDescribeInvocationResultto fetch status and outputs.
See references/command-assistant.md for details.
Clarifying questions (ask when uncertain)
- What is the target region? Is VPC endpoint required?
- What are target instance IDs? Are they currently Running?
- What command/script type/timeout is needed? Linux or Windows?
- Do you need batch execution or scheduled execution?
Output Policy
If you need to save results or responses, write to:
output/compute-swas-open/
Validation
mkdir -p output/aliyun-swas-manage
for f in skills/compute/swas/aliyun-swas-manage/scripts/*.py; do
python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-swas-manage/validate.txt
Pass criteria: command exits 0 and output/aliyun-swas-manage/validate.txt is generated.
Output And Evidence
- Save artifacts, command outputs, and API response summaries under
output/aliyun-swas-manage/. - Include key parameters (region/resource id/time range) in evidence files for reproducibility.
Prerequisites
- Configure least-privilege Alibaba Cloud credentials before execution.
- Prefer environment variables:
ALICLOUD_ACCESS_KEY_ID,ALICLOUD_ACCESS_KEY_SECRET, optionalALICLOUD_REGION_ID. - If region is unclear, ask the user before running mutating operations.
Workflow
- Confirm user intent, region, identifiers, and whether the operation is read-only or mutating.
- Run one minimal read-only query first to verify connectivity and permissions.
- Execute the target operation with explicit parameters and bounded scope.
- Verify results and save output/evidence files.
References
- API overview and operation groups:
references/api_overview.md - Endpoints and integration:
references/endpoints.md - Cloud Assistant highlights:
references/command-assistant.md - Official source list:
references/sources.md
Files
11 totalSelect a file
Select a file to preview.
Comments
Loading comments…