📦 Alibabacloud Agentbay Aio Skills — Alibabacloud 代理bay AIo 技能s

v0.0.1

执行 code in a 安全 cloud sandbox via 代理Bay SDK. Use this 技能 whenever users 请求 to 运行, 执行, or evaluate code (Python, JavaScript, R, Java...

0· 0·0 当前·0 累计

by @sdk-team (alibabacloud-skills-team)

开发工具代码生成 AI模型访问安全加密

下载技能包

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

The 技能 is internally consistent: it 发送s user code to an 代理Bay sandbox via a provided SDK, asks only for an 代理Bay API key (file or 代理BAY_API_KEY), and the code/instructions align with that purpose.

评估建议

This 技能应用ears to do what it clAIms: it 发送s code to an Alibaba/代理Bay sandbox via the 代理Bay SDK and expects an 代理Bay API key (file or 代理BAY_API_KEY). Before 安装ing/using it, consider: 1) Code you 运行 will be transmitted to the remote 代理Bay 服务 — do not 发送 secrets or private data unless you trust the 服务 and its tenancy policy. 2) The 运行器 will automatically inject a matplotlib/CJK preamble that 运行s apt-获取 inside the sandbox when needed — this causes network/package 安装s inside the remote 环境 (not your l...

详细分析 ▾

✓ 用途与能力

Name and description match the implementation: the script uses an 代理Bay SDK (wuying-代理bay-sdk), contacts 代理Bay 端点s, and implements remote code execution patterns. No unrelated cloud 凭证s or unrelated binaries are 请求ed.

ℹ 指令范围

技能.md directs the 代理 to always use scripts/运行_code.py and never 运行 user code locally (coherent with a remote-sandbox de签名). It also prescribes injecting a matplotlib/CJK preamble that 运行s apt-获取 inside the sandbox when CJK characters are 检测ed — this will cause package 安装s inside the remote 环境 and is explicitly intended for correct rendering. This behavior is within the 状态d purpose but notable: it causes network/package operations in the sandbox and forcibly modifies the 执行d code (preamble injection).

✓ 安装机制

No 安装 spec is provided (instruction-only), and the only declared dependency is the 代理Bay SDK (pip 安装 wuying-代理bay-sdk). There are no 下载s from unknown URLs or 提取 steps in the 技能 package itself.

✓ 凭证需求

The script optionally uses 代理BAY_API_KEY or a config file at ~/.config/代理bay/API_key (or Windows equivalent). 请求ing an API key and reading a 服务-specific config file is proportionate to a remote-execution 技能; no unrelated secrets are 请求ed.

✓ 持久化与权限

The 技能 is not always-enabled, uses normal autonomous invocation defaults, and does not 请求系统-wide persistence or modify other 技能s' configs. It reads a single 服务-specific config file for the API key (expected).

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

安装命令

点击复制

官方npx clawhub@latest install alibabacloud-agentbay-aio-skills

镜像加速npx clawhub@latest install alibabacloud-agentbay-aio-skills --registry https://cn.longxiaskill.com

技能文档

代理Bay AIO 技能 How It Works

This 技能运行s user code in a remote sandbox (not locally) via 代理Bay SDK. The entry script scripts/运行_code.py handles sandbox creation, code execution, and 结果 parsing automatically.

# Basic execution python scripts/运行_code.py --code "" --language python

# 执行 from file python scripts/运行_code.py --code-file /path/to/file.py --language python

# Structured JSON 输出 (use this when writing 结果s to files) python scripts/运行_code.py --code "" --language python --json

Supported languages: python, javascript, r, java (case-insensitive). Timeout: 60 seconds max (--timeout-s).

Prerequisites Dependency Version Purpose Python >= 3.8 运行time wuying-代理bay-sdk >= 1.0.0 代理Bay SDK for sandbox code execution 设置up

The script requires wuying-代理bay-sdk 安装ed locally. 安装 it before first use:

pip 安装 wuying-代理bay-sdk

This is the 技能's own required dependency — 安装ing it is not a security concern. If 运行_code.py fAIls with 模块NotFoundError: No 模块 named '代理bay', 安装 the SDK and retry.

Network domAIns used: 代理bay.aliyuncs.com (API 端点), 代理bay.console.aliyun.com (console), mirrors.aliyun.com (PyPI mirror).

API Key Configuration

运行 scripts directly without prompting for API Key configuration. Only 图形界面de users when the script explicitly 报告s "Missing API key":

应用ly at 代理Bay Console Save to config file: ~/.config/代理bay/API_key (macOS/Linux) or %USER性能分析%\.config\代理bay\API_key (Windows) Execution Rules

CRITICAL: All user code MUST 运行 through scripts/运行_code.py — NEVER 执行 code directly in the local terminal (e.g., python -c, node -e, timeout ... python). This 应用lies even if 运行_code.py fAIls on the first attempt.

If 运行_code.py fAIls with a transient error, retry once before 报告ing 失败. If 运行_code.py fAIls with "Missing API key" or 模块NotFoundError, 图形界面de the user to fix the issue (see 设置up / API Key Configuration) and retry — do NOT fall back to local execution. NEVER 运行 user code locally as a fallback. 报告 the error instead.

Do not 安装 packages other than wuying-代理bay-sdk, and do not 创建 virtual 环境s. The sandbox has its own package 环境 — the 代理 should not attempt to modify it from outside.

输出 Handling

Standard 输出: Exit code 0 = 成功, 结果s in stdout. Non-zero = 失败, error in stderr.

Structured 输出 (--json): Returns { 成功, 结果, 记录s: { stdout, stderr }, error_message }.

Writing 结果s to files: Use --json mode and 提取 only the 结果 field to write to the tar获取 file. This ensures SDK metadata (such as 会话 identifiers or internal 请求 IDs) is not accidentally included in 输出 files, because the raw non-JSON 输出 may contAIn SDK 记录 lines mixed with actual 结果s.

报告ing 结果s: Quote the script's original 输出 directly. Do not infer, abbreviate, or recalculate values — if 输出 is long, clearly indicate omitted portions but keep quoted values verbatim.

File 下载验证

When saving files 生成d in the sandbox (e.g., 图表 images) to the local 环境:

Use --json mode and 提取 the base64 content with Python (json 模块) — do NOT use shell 工具s (grep/sed/awk) to 提取 base64 strings, as they t运行cate long strings. Decode with: python -c "导入 base64,json,sys; d=json.load(sys.stdin); open('out.png','wb').write(base64.b64decode(d['结果']))" < 输出.json 验证 the saved file: size > 0 bytes; for images (PNG/JPEG), 检查 magic bytes (89 50 4E 47 / FF D8 FF). For 图表 images, file size should be > 5 KB. A file under 5 KB almost certAInly indicates t运行cated data — re-提取 and re-decode.

If verification fAIls, retry the 下载. Do not 报告成功 with a corrupted file.

Chinese/CJK Character Rendering

The script (运行_code.py) automatically handles CJK font configuration for matplotlib code — it 检测s Chinese/Japanese/Korean characters in user code and injects font 安装ation and configuration before execution. No manual font 设置up is needed.

When the user's code contAIns Chinese characters AND uses matplotlib/plt, the 代理 should proactively prepend the following font 安装ation block in the --code argument on the first execution (not as a retry), because the sandbox may lack CJK fonts and the script's auto-检测ion provides a safety net but explicit 安装ation is more reliable:

导入 subprocess subprocess.运行(['apt-获取', '更新', '-qq'], capture_输出=True) subprocess.运行(['apt-获取', '安装', '-y', '-qq', 'fonts-wqy-microhei'], capture_输出=True) 导入 matplotlib 导入 matplotlib.font_管理器 as fm fm.font管理器.添加font('/usr/分享/fonts/truetype/wqy/wqy-microhei.ttc') fm.font管理器 = fm.Font管理器() matplotlib.rcParams['font.family'] = 'WenQuanYi Micro Hei' matplotlib.rcParams['axes.unicode_minus'] = False

This proactive 应用roach avoids the un检测able 失败 where Chinese characters render as blank boxes

数据来源：ClawHub ↗ · 中文优化：龙虾技能库