Alibabacloud Sas Overview — Alibaba Cloud SAS 概览 — 安全中心数据查询

Name: Alibabacloud Sas Overview — Alibaba Cloud SAS 概览 — 安全中心数据查询
Author: alibabacloud-skills-team

alibabacloud-skills-team

Alibabacloud Sas Overview — Alibaba Cloud SAS 概览 — 安全中心数据查询

v0.0.1

该技能通过阿里云 CLI 查询阿里云安全中心（SAS）概览数据，包括安全评分、资产状态、风险治理、资产风险趋势和计费信息。支持灵活的查询范围，适用于安全监控和资产管理。

0· 47·0 当前·0 累计

by @sdk-team (alibabacloud-skills-team)·MIT-0

安全 API工具云服务金融科技

下载技能包

License

MIT-0

最后更新

2026/4/2

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

该技能遵循阿里云 SAS 只读概览查询要求，使用 Aliyun CLI 和只读 RAM 政策，不在指令中请求或泄露凭据。

评估建议

该技能如其所述，使用 Aliyun CLI 命令获取 SAS/WAF/计费概览数据。使用前请确保：（1）仅在控制的机器上运行；（2）检查 CLI 版本（≥3.3.1）；（3）使用最小权限 RAM 用户；（4）不在对话中输入 AK/SK；（5）了解 CLI 自动插件安装；（6）确认代理在运行命令前请求批准参数。...

详细分析 ▾

✓ 用途与能力

Name/description match the concrete CLI commands and APIs in SKILL.md and references (SAS, WAF, BssOpenApi). Required actions (multi-region queries, read-only billing/SAS/WAF data) are appropriate for an 'overview query' skill.

✓ 指令范围

Runtime instructions are narrowly scoped to querying SAS/WAF/Billing data via the Aliyun CLI. The skill explicitly forbids reading or printing AK/SK and requires explicit user confirmation for parameters; it does not instruct reading unrelated system files or sending data to third-party endpoints.

ℹ 安装机制

This is instruction-only (no install spec). The included CLI installation guide points to official aliyuncli download URLs (alicdn.com) and recommends enabling automatic plugin installation; enabling auto-plugin-install means the CLI may download plugins at runtime — expected for this use-case but worth noting.

ℹ 凭证需求

The skill does not declare env vars or primary credentials, but it requires the user to have valid Alibaba Cloud credentials accessible to the Aliyun CLI. The provided RAM policy requests read-only actions across SAS/WAF/BSS (Resource: "*") — broad in resource scope but consistent with listing/overview queries. The skill's docs emphasize least-privilege and never asking for AK/SK in chat.

✓ 持久化与权限

The skill does not request always:true, has no install, and does not modify other skills or global agent settings. It operates via ephemeral CLI commands executed with the user's configured credentials.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv0.0.12026/4/2

["发布 alibabacloud-sas-overview 技能","支持查询阿里云安全中心（SAS）概览数据，包括安全评分、资产状态、风险治理、风险趋势和计费信息","灵活的查询范围：单个数据项、整个模块或完整的 SAS 概览","要求 Aliyun CLI ≥ 3.3.1、相关 CLI 插件和适当的阿里云凭据（无对话内凭据处理）","仅限概览数据查询，不包括修复操作或设置修改"]

● 无害

安装命令点击复制

官方npx clawhub@latest install alibabacloud-sas-overview

镜像加速npx clawhub@latest install alibabacloud-sas-overview --registry https://cn.clawhub-mirror.com

技能文档

阿里云安全中心（SAS）概览数据查询技能检索安全评分、资产状态、风险治理、资产风险趋势和计费信息。支持灵活的查询范围：单个数据项、特定模块或完整概览，基于用户意图。触发器："SAS 概览"、"安全中心概览"、"SAS 总览"、"云安全中心总览"、"安全评分"、"安全分"、"漏洞修复"、"基线风险"、"已处理的警报"、"主机资产"、"未安装的客户端"、"风险治理"、"WAF 阻断"、"资产风险趋势"、"SAS 计费"、"订阅状态"、"账单"

出于范围外：本技能仅涵盖 SAS 概览数据查询，不执行修复、修改配置或管理非 SAS 服务。

Retrieves the 5 core modules of the Security Center (SAS) overview dashboard:

Security Overview — score, fixed vulns, baseline risk, handled alerts
Usage Info — service days, asset scale, uninstalled clients
Security Operations — risk governance (AI risk, CSPM, key config, system vulns), security protection (WAF blocks), security response
Asset Risk Trend — host/container/cloud product risk ratios + trend chart
Billing & Subscription — post-pay switches, subscription validity, bills

Execution Scope: Each module and data item can be queried independently.
Match the scope to the user's request:
- Single data item — e.g., "What is my security score?" → only command 1a
- Single module — e.g., "Show asset risk trend" → all of Module 4
- Full overview — e.g., "SAS overview" → all 5 modules

Architecture: SAS + WAF + BssOpenApi

Prerequisites

Pre-check: Aliyun CLI >= 3.3.1 required
Run aliyun version to verify >= 3.3.1. If not installed or version too low,
see references/cli-installation-guide.md for installation instructions.
Then run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.

Install required CLI plugins:

aliyun plugin install --names aliyun-cli-sas aliyun-cli-waf-openapi aliyun-cli-bssopenapi

Pre-check: Alibaba Cloud Credentials Required

>

Security Rules:
- NEVER read, echo, or print AK/SK values (e.g., echo $ALIBABA_CLOUD_ACCESS_KEY_ID is FORBIDDEN)
- NEVER ask the user to input AK/SK directly in the conversation or command line
- NEVER use aliyun configure set with literal credential values
- ONLY use aliyun configure list to check credential status

>

> aliyun configure list
Check the output for a valid profile (AK, STS, or OAuth identity).

>

If no valid profile exists, STOP here.
1. Obtain credentials from Alibaba Cloud Console
2. Configure credentials outside of this session (via aliyun configure in terminal or environment variables in shell profile)
3. Return and re-run after aliyun configure list shows a valid profile

Parameters

IMPORTANT: Parameter Confirmation — Before executing any command or API call,
ALL user-customizable parameters (e.g., RegionId, WAF InstanceId, BillingCycle, etc.)
MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

Parameter	Required	Description	Default
Regions	Yes	SAS regions to aggregate data from	`cn-shanghai`, `ap-southeast-1`
WAF Instance ID	Auto-fetched	Auto-fetched via WAF `DescribeInstance` for `DescribeFlowChart`	Auto
Billing Cycle	Only for billing	Billing month in `YYYY-MM` format	Current month
Time Range	No	Days of history for score/trend queries	`7` (last 7 days)

RAM Permissions

See references/ram-policies.md for the full RAM policy JSON.

Required: AliyunYundunSASReadOnlyAccess, AliyunWAFReadOnlyAccess, AliyunBSSReadOnlyAccess.

Core Workflow

Based on the user's query, execute the relevant module(s) below. Each module — and each data item within a module — can be executed independently. For APIs marked multi-region, always query both cn-shanghai and ap-southeast-1, then sum the results.

Module 1: Security Overview

# 1a. Security Score (region-agnostic)
aliyun sas describe-secure-suggestion --cal-type home_security_score --user-agent AlibabaCloud-Agent-Skills
# Extract: Score field from response as current security score
#
# NOTE: DescribeScreenScoreThread is currently unavailable (CalType not supported).
# Once supported, switch to the command below for score + historical trend:
#   START=$(python3 -c "import time; print(int((time.time()-864007)1000))")
#   END=$(python3 -c "import time; print(int(time.time()1000))")
#   aliyun sas describe-screen-score-thread \
#     --cal-type home_security_score \
#     --start-time "$START" --end-time "$END" \
#     --user-agent AlibabaCloud-Agent-Skills
#   Extract: Data.SocreThread[-1] = current score, full SocreThread list = historical trend
# 1b. Fixed Vulnerabilities (multi-region: sum FixTotal)
aliyun sas describe-vul-fix-statistics --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun sas describe-vul-fix-statistics --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills
# 1c. Baseline Risk Statistics (multi-region: sum each Summary field)
aliyun sas get-check-risk-statistics --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun sas get-check-risk-statistics --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills
# Extract: Summary.RiskCheckCnt, Summary.RiskWarningCnt,
#          Summary.HandledCheckTotal, Summary.HandledCheckToday
# Sum each field across regions# 1d. Handled Alerts (multi-region: sum SuspiciousDealtCount)
aliyun sas get-defence-count --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun sas get-defence-count --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills

Module 2: Usage Info

# 2a. Service Duration + Subscription (region-agnostic)
aliyun sas describe-version-config --user-agent AlibabaCloud-Agent-Skills
# Check IsPaidUser first:
#   IsPaidUser == true  → Extract CreateTime, calculate (now - CreateTime) as days
#   IsPaidUser == false → Service duration not applicable, display N/A
# Extract: ReleaseTime → subscription expiry (pre-pay only)
# 2b. Host Asset Info (multi-region: sum TotalCount and Cores)
aliyun sas describe-cloud-center-instances \
  --region cn-shanghai --machine-types ecs --current-page 1 --page-size 20 \
  --user-agent AlibabaCloud-Agent-Skills
aliyun sas describe-cloud-center-instances \
  --region ap-southeast-1 --machine-types ecs --current-page 1 --page-size 20 \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: PageInfo.TotalCount (sum across regions) for host count
# Extract: Sum all instances' Cores field for total core count
# Optionally list host details if user requests# 2c. Uninstalled Clients (multi-region: sum TotalCount)
aliyun sas list-uninstall-aegis-machines --region cn-shanghai --current-page 1 --page-size 1 --user-agent AlibabaCloud-Agent-Skills
aliyun sas list-uninstall-aegis-machines --region ap-southeast-1 --current-page 1 --page-size 1 --user-agent AlibabaCloud-Agent-Skills

Module 3: Security Operations

3a. Risk Governance (region-agnostic, single API call)

aliyun sas describe-secure-suggestion --cal-type home_security_score --user-agent AlibabaCloud-Agent-Skills
# Process Suggestions[] by SuggestType:
#   SS_AI_RISK → AI Risk (SubType not fixed, e.g. SSI_AISPM_RISK; analyze Description for unknown SubTypes)
#     Aggregate riskCount by region
#   SS_SAS_CLOUD_HC → CSPM risks (aggregate by HIGH/MEDIUM/LOW and region)
#     Cloud: SSI_SAS_CLOUD_HC_HIGH / MEDIUM / LOW
#     Host:  SSI_SAS_HOST_HC_HIGH / MEDIUM / LOW
#   SS_KEY_CONFIG → Key Config (SubType not fixed; analyze Description for unknown SubTypes)
#     Aggregate RiskCount by region
#   SS_SAS_SYS_VUL → System Vulns (aggregate by HIGH/MEDIUM/LOW and region)
#     SSI_SAS_SYS_VUL_HIGH / SSI_SAS_SYS_VUL_MEDIUM / SSI_SAS_SYS_VUL_LOW

3b. Security Protection — WAF Blocks (multi-region, two-step)

# Step 1: Get WAF Instance ID (per region)
aliyun waf-openapi describe-instance --region cn-shanghai --user-agent AlibabaCloud-Agent-Skills
aliyun waf-openapi describe-instance --region ap-southeast-1 --user-agent AlibabaCloud-Agent-Skills
# Extract: InstanceId from each region's response# Step 2: Query WAF flow chart using each region's InstanceId
START_SEC=$(python3 -c "import time; print(int(time.time()-864007))")
aliyun waf-openapi describe-flow-chart \
  --region cn-shanghai \
  --instance-id "" \
  --start-timestamp "$START_SEC" \
  --interval 3600 \
  --user-agent AlibabaCloud-Agent-Skills
aliyun waf-openapi describe-flow-chart \
  --region ap-southeast-1 \
  --instance-id "" \
  --start-timestamp "$START_SEC" \
  --interval 3600 \
  --user-agent AlibabaCloud-Agent-Skills
# Sum all WafBlockSum values from both regions

3c. Security Response

# Currently no data (N/A)

Module 4: Asset Risk Trend

# 4a. Host Assets (multi-region)
aliyun sas describe-cloud-center-instances \
  --region cn-shanghai --machine-types ecs --current-page 1 --page-size 1 \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: PageInfo.TotalCount
aliyun sas describe-field-statistics \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: GroupedFields.RiskInstanceCount
# Repeat for ap-southeast-1, sum both
# 4b. Container Assets (multi-region)
aliyun sas describe-container-field-statistics \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: ClusterCount, RiskClusterCount
# Repeat for ap-southeast-1, sum both
# 4c. Cloud Product Assets (multi-region)
aliyun sas get-cloud-asset-summary \
  --region cn-shanghai \
  --user-agent AlibabaCloud-Agent-Skills
# Extract: GroupedFields.InstanceCountTotal, GroupedFields.InstanceRiskCountTotal
# Repeat for ap-southeast-1, sum both# 4d. Trend Chart Data (multi-region)
START_MS=$(python3 -c "import time; print(int((time.time()-864007)1000))")
END_MS=$(python3 -c "import time; print(int(time.time()*1000))")
aliyun sas describe-chart-data \
  --region cn-shanghai \
  --chart-id CID_ASSET_RISK_TREND \
  --report-id -1 \
  --time-start "$START_MS" --time-end "$END_MS" \
  --user-agent AlibabaCloud-Agent-Skills
# Returns time series: host / container / cloud risk counts

Module 5: Billing & Subscription

# 5a. Query billing mode (from Module 2a response, can reuse cached result) aliyun sas describe-version-config --user-agent AlibabaCloud-Agent-Skills # Check IsPaidUser field to determine billing mode: # # If IsPaidUser == true → Pre-pay (subscription) user: # Extract CreateTime → purchase date (convert ms timestamp to YYYY-MM-DD) # Extract ReleaseTime → expiry date (convert ms timestamp to YYYY-MM-DD) # # If IsPaidUser == false → Post-pay user: # Extract PostPayModuleSwitch (JSON string — must parse) # Map codes to product names using the table below: # POST_HOST → Host and Container Security # VUL → Vulnerability Fixing # CSPM → CSPM # CTDR → Agentic SOC # AGENTLESS → Agentless Detection # SERVERLESS → Serverless Asset Protection # RASP → Application Protection # SDK → Malicious File Detection # CTDR_STORAGE → Log Management # ANTI_RANSOMWARE → Anti-ransomware # Value 1 = Enabled, 0 = Disabled # 5c. Billing Details (try each region, skip on permission error) BILLING_CYCLE=$(date +%Y-%m) aliyun bssopenapi query-bill \ --region cn-shanghai \ --billing-cycle "$BILLING_CYCLE" --product-code sas \ --user-agent AlibabaCloud-Agent-Skills # If the above returns a permission error, skip cn-shanghai and continue

aliyun bssopenapi query-bill \ --region ap-southeast-1 \ --billing-cycle "$BILLING_CYCLE" --product-code sas \ --user-agent AlibabaCloud-Agent-Skills # If the above returns a permission error, skip ap-southeast-1 and continue # Aggregate results from whichever regions succeeded

Product Code Mapping

Product Name	Code	Status Values
Host and Container Security	`POST_HOST`	`1`: Enabled, `0`: Disabled
Vulnerability Fixing	`VUL`	`1`: Enabled, `0`: Disabled
CSPM	`CSPM`	`1`: Enabled, `0`: Disabled
Agentic SOC	`CTDR`	`1`: Enabled, `0`: Disabled
Agentless Detection	`AGENTLESS`	`1`: Enabled, `0`: Disabled
Serverless Asset Protection	`SERVERLESS`	`1`: Enabled, `0`: Disabled
Application Protection	`RASP`	`1`: Enabled, `0`: Disabled
Malicious File Detection	`SDK`	`1`: Enabled, `0`: Disabled
Log Management	`CTDR_STORAGE`	`1`: Enabled, `0`: Disabled
Anti-ransomware	`ANTI_RANSOMWARE`	`1`: Enabled, `0`: Disabled

Data Processing Rules

Multi-region aggregation: APIs requiring regions must query cn-shanghai + ap-southeast-1 separately, then sum the numeric results.
Timestamps: SAS APIs use millisecond timestamps. WAF APIs use second timestamps.
PostPayModuleSwitch: Is a JSON string — must JSON.parse() / json.loads() before reading.
Score extraction: Use Score field from DescribeSecureSuggestion response as current score. Note: DescribeScreenScoreThread is currently unavailable (CalType not supported); once supported, switch to using the last element of Data.SocreThread[] as current score and the full list as historical trend.
N/A fields: Security Response Events have no data — display "N/A".
Timestamp formatting: Convert ms timestamps to YYYY-MM-DD HH:mm:ss for display.

Success Verification

See references/verification-method.md for step-by-step verification commands.

Cleanup

This skill is read-only (query operations only). No resources are created, so no cleanup is needed.

Best Practices

Always query both cn-shanghai and ap-southeast-1 for multi-region APIs before aggregating.
Cache the DescribeVersionConfig response — it is used by both Module 2 and Module 5.
Use --cli-query (JMESPath) to extract specific fields and reduce output noise.
Set --page-size 1 when only TotalCount is needed (e.g., ListUninstallAegisMachines).
WAF DescribeFlowChart requires a valid WAF instance ID — auto-fetch via DescribeInstance first; query both cn-shanghai and ap-southeast-1.
Billing queries (QueryBill) require --region — try each region (cn-shanghai, ap-southeast-1) in turn; skip any region that returns a permission error.
All timestamps returned by SAS are in milliseconds — divide by 1000 for human-readable conversion.

Reference Links

Document	Content
references/related-apis.md	Full API and CLI command reference table
references/ram-policies.md	Required RAM permissions and policies
references/verification-method.md	Step-by-step verification commands
references/acceptance-criteria.md	Correct/incorrect CLI patterns
references/cli-installation-guide.md	CLI installation guide
overview-sop.md	Original SOP document with full data mapping

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

Prerequisites

Parameters

RAM Permissions

Core Workflow

Module 1: Security Overview

Module 2: Usage Info

Module 3: Security Operations

3a. Risk Governance (region-agnostic, single API call)

3b. Security Protection — WAF Blocks (multi-region, two-step)

3c. Security Response

Module 4: Asset Risk Trend

Module 5: Billing & Subscription

Product Code Mapping

Data Processing Rules

Success Verification

Cleanup

Best Practices

Reference Links

安装命令点击复制