AgentSkillsCN

tencent-cloud-smart-advisor

腾讯云智能顾问集成,可实现全面的风险巡检、风险分析与自动化修复。适用于当用户需要检查腾讯云产品资源是否存在巡检风险或潜在问题、分析基础设施的安全与配置风险、获取巡检策略(规则)、生成风险清单(默认优先级为高/中,未发现风险时显示“健康”状态)、查看风险实例详情、通过 tccli 在用户确认下修复配置风险、以 Markdown 表格格式生成风险报告,或查询腾讯云基础设施的健康状态时使用。本技能全面开放智能顾问 API 接口,包括 DescribeStrategies(规则)与 DescribeTaskStrategyRisks(风险结果)。特别针对高、中优先级风险进行了优化。

SKILL.md
--- frontmatter
name: tencent-cloud-smart-advisor
description: Tencent Cloud Smart Advisor integration for comprehensive risk inspection, analysis, and automated remediation. Use when user needs to check Tencent Cloud product resources for inspection risks or issues, analyze infrastructure security and configuration risks, get inspection strategies (rules), get risk lists (High/Medium priority by default, showing "Healthy" status when no issues found), view risk instances with details, fix configuration risks using tccli with user confirmation, generate risk reports in Markdown table format, or query health status of Tencent Cloud infrastructure. This skill provides complete access to Smart Advisor APIs including DescribeStrategies (rules) and DescribeTaskStrategyRisks (risk results). Optimized for High and Medium priority risks.

Tencent Cloud Smart Advisor

Overview

This skill enables OpenClaw to inspect Tencent Cloud infrastructure risks via the Smart Advisor service with complete access to inspection rules and risk results. Supports both viewing inspection strategies (rules) and fetching actual risk instances with details. All remediation actions require explicit user confirmation before execution.

API Capabilities

1. DescribeStrategies (Inspection Rules)

Fetches inspection strategies (rules) that define risk checks:

  • Strategy ID and name
  • Risk descriptions and conditions
  • Risk levels (1-4: High, Medium, Low, Info)
  • Product categories (CVM, CLB, COS, etc.)
  • Repair suggestions
  • Grouping and categorization

2. DescribeTaskStrategyRisks (Risk Results)

Fetches actual risk instances from inspection:

  • Risk details and resource IDs
  • Risk levels and durations
  • Applicable resources and their status
  • Advice for remediation
  • Configurable filtering by level, product, and status

Prerequisites

1. Tencent Cloud Credentials

Users must configure Tencent Cloud Access Key (AK) and Secret Key (SK) securely:

bash
# Recommended: Environment variables
export TENCENTCLOUD_SECRET_ID="your-secret-id"
export TENCENTCLOUD_SECRET_KEY="your-secret-key"
export TENCENTCLOUD_REGION="ap-guangzhou"

⚠️ Security Warning: Never hardcode credentials. Always use environment variables.

2. Install Dependencies

Install tencentcloud SDK and tccli:

bash
# Install SDK
pip3 install tencentcloud-sdk-python

# Install tccli
pip3 install tccli

# Verify installation
python3 -c "from tencentcloud.common import credential; print('SDK OK')"
tccli version

Available Scripts

get_strategies.py

Fetches inspection strategies (rules) from Smart Advisor.

Usage:

bash
python3 scripts/get_strategies.py [--region REGION] [--group-id GROUP_ID] [--level LEVEL]

Parameters:

  • --region: Tencent Cloud region (e.g., ap-guangzhou)
  • --group-id: Filter by group ID (e.g., 1 for Reliability)
  • --level: Filter by risk level (1: High, 2: Medium, 3: Low, 4: Info)

Output:

json
[
  {
    "strategyId": 131,
    "name": "云数据库跨可用区部署",
    "desc": "检查 Redis 实例是否跨可用区部署",
    "product": "redis",
    "groupId": 2,
    "groupName": "可靠",
    "conditions": [
      {
        "conditionId": 178,
        "level": 2,
        "levelDesc": "中风险",
        "desc": "Redis 实例未跨可用区部署"
      }
    ]
  }
]

Example Output:

code
| Strategy ID | Product | Group | Name | Description |
|-------------|---------|-------|------|-------------|
| 131 | redis | 可靠 | 云数据库跨可用区部署 | 检查 Redis 实例是否跨可用区部署... |

Strategies Summary
=======================
Total Strategies: 2

By Risk Level:
  High (1): 1
  Medium (2): 1
  Low (3): 0
  Info (4): 0

By Group:
  可靠: 2
  安全: 0

get_risks.py

Fetches actual risk instances from Smart Advisor inspection.

Usage:

bash
python3 scripts/get_risks.py [--region REGION] [--level LEVEL] [--product PRODUCT] [--healthy-only]

Parameters:

  • --region: Tencent Cloud region
  • --level: Filter by risk level (Critical, High, Medium, Low, Info, all)
  • --product: Filter by product name
  • --healthy-only: Show "Healthy" status when no High/Medium risks found

Default Behavior:

  • Only shows High and Medium priority risks
  • Filters out Critical and Low risks by default
  • Shows "Healthy" status when no High/Medium risks found
  • User can still access all levels with --level all

Output:

json
[
  {
    "riskId": "risk-001",
    "level": "High",
    "levelDesc": "高风险",
    "product": "CVM",
    "resourceType": "Instance",
    "resourceId": "ins-xxx",
    "riskType": "Security Group",
    "suggestion": "Remove port 22 from public access",
    "status": "Pending",
    "lastUpdateTime": "2026-02-09T14:30:00Z"
  }
]

Example Output:

code
| Level | Level Desc | Risk Type | Resource | Suggestion |
|-------|-----------|-----------|----------|------------|
| High | 高风险 | Security Group | ins-xxx | Remove port 22 from public access |
| Medium | 中风险 | SSL Certificate | lb-xxx | Update expired certificate |

Risk Summary
=======================
Total Risks: 2
  High: 1
  Medium: 1
  Low: 0
  Info: 0

get_full_inspection.py

Combined script that fetches both strategies and risk instances.

Usage:

bash
python3 scripts/get_full_inspection.py --show-strategies [--region REGION] [--strategy-id STRATEGY_ID] [--level LEVEL] [--product PRODUCT] [--healthy-only]

Parameters:

  • --show-strategies: Show inspection strategies (rules)
  • --region: Tencent Cloud region
  • --strategy-id: Filter by strategy ID
  • --level: Filter by risk level (1-4)
  • --product: Filter by product name
  • --healthy-only: Show "Healthy" when no High/Medium risks

Output: Displays both strategies and risk instances with detailed summaries.

fix_risk.py

Executes a tccli command to fix a specific risk.

Usage:

bash
python3 scripts/fix_risk.py --risk-id <risk-id> --command "<tccli-command>"

Parameters:

  • --risk-id: The risk ID being fixed (for logging)
  • --command: The tccli command to execute

Workflow

Step 1: Get Inspection Strategies

Use get_strategies.py to view available inspection rules:

bash
python3 scripts/get_strategies.py --level 1

This shows which rules will be checked during inspection.

Step 2: Get Risk Instances

Use get_risks.py to fetch actual risk results:

bash
# Default: Only High and Medium risks
python3 scripts/get_risks.py

# Show Healthy status
python3 scripts/get_risks.py --healthy-only

# Get all risk levels
python3 scripts/get_risks.py --level all

# Get Critical risks only
python3 scripts/get_risks.py --level Critical

Default Filtering: By default, only High (高风险) and Medium (中风险) are shown. This focuses on actionable risks while avoiding information overload.

Step 3: Combined Inspection

Use get_full_inspection.py for comprehensive analysis:

bash
# Show strategies and High/Medium risks
python3 scripts/get_full_inspection.py --show-strategies

# Show strategies and all risks
python3 scripts/get_full_inspection.py --show-strategies --level all

Step 4: Analyze and Prioritize

When presenting risks:

  1. Group by risk level - Show High risks first, then Medium risks
  2. Show "Healthy" status - If no High/Medium risks found, display "Healthy" status
  3. Clarify priority - Ask user which risks to address
  4. Show strategy context - Reference the rule that detected the risk

Example Interaction:

code
User: 检查我的腾讯云风险
Codex: [Running get_risks.py]
找到 5 个高风险和 12 个中等风险。
状态: 7 个产品健康,3 个产品有问题。

| Level | Product | Risk Type | Resource | Suggestion |
|-------|---------|-----------|----------|------------|
| High | CVM | Security Group | ins-xxx | Remove port 22 from public access |
| Medium | CLB | SSL Certificate | lb-xxx | Update expired certificate |

User: 显示巡检规则
Codex: [Running get_strategies.py]
显示 10 条巡检规则:

| Strategy ID | Product | Group | Name | Description |
|-------------|---------|-------|------|-------------|
| 131 | redis | 可靠 | 跨可用区部署 | 检查 Redis 实例是否... |
| 235 | redis | 可靠 | 使用基础网络 | 检查 Redis 网络类型... |

User: 修复第一个风险
Codex: 要修复这个风险,我将运行:

tccli cfw ModifySecurityGroupRule --RuleId sg-rule-xxx --Action accept

这将修改安全组规则以允许指定的流量。
该风险属于策略: 云数据库跨可用区部署
检测条件: Redis 实例未跨可用区部署
风险等级: 中风险

你想让我执行这个命令吗?(yes/no)

User: yes
Codex: [Executes fix_risk.py]
✅ 成功修复 risk-001。安全组规则已修改。

User: 生成报告
Codex: [Generates report in Markdown format]
[Shows complete remediation report]

Step 5: Generate Report

Generate comprehensive reports with both strategies and risks.

Risk Levels

LevelPriorityDescriptionDefault Display
CriticalP0严重安全或可用性风险Hidden (use --level Critical)
HighP1重要安全或配置风险✅ Shown by default
MediumP2中等风险✅ Shown by default
LowP3低风险Hidden (use --level all)
InfoP4信息性提示Hidden (use --level all)
HealthyN/A资源健康,无问题✅ Shown when no High/Medium found

Note: By default, only High and Medium risks are displayed to focus on actionable items. Use --level all to see all risk levels.

Safety Guidelines

⚠️ Critical Rules

  1. User confirmation is mandatory - Never execute remediation commands without explicit yes/no confirmation
  2. Read-only operations are safe - You can query and analyze freely without confirmation
  3. Write operations require approval - Any tccli command that modifies resources must be confirmed
  4. Test in non-production first - Advise users to test in a safe environment if available
  5. Keep audit trail - Log all executed commands for review

When to Decline

If user requests automatic or unconfirmed remediation, respond:

"I cannot execute remediation commands without your explicit confirmation. Please review the proposed fixes and confirm each action."

Scripts

get_strategies.py

Fetches inspection strategies (rules) from Smart Advisor.

Features:

  • View all inspection rules
  • Filter by risk level
  • Filter by group ID
  • Understand what will be checked
  • See risk conditions and repair suggestions

get_risks.py

Fetches actual risk instances from Smart Advisor.

Features:

  • Default: Show only High and Medium risks
  • Show "Healthy" status when no High/Medium risks
  • Filter by level, product
  • JSON or table output

get_full_inspection.py

Combined inspection with strategies and risks.

Features:

  • Show inspection strategies (optional)
  • Show risk instances with details
  • Default filtering (High/Medium only)
  • Combined summary view

fix_risk.py

Executes tccli command to fix a specific risk.

Features:

  • Execute any tccli command
  • Log risk ID and command
  • Report execution result
  • Safe and audited

Agent Triggering

Primary Triggers

OpenClaw agent will prioritize this skill when user asks about:

  • ✅ "检查我的腾讯云风险"
  • ✅ "腾讯云智能顾问巡检"
  • ✅ "查看我的腾讯云资源风险"
  • ✅ "检查腾讯云安全问题"
  • ✅ "检查腾讯云配置问题"
  • ✅ "获取腾讯云High和Medium风险"
  • ✅ "腾讯云健康状态检查"
  • ✅ "显示腾讯云巡检规则"
  • ✅ "获取腾讯云巡检规则"
  • ✅ "腾讯云风险分析"
  • ✅ "腾讯云基础设施风险检查"

Secondary Triggers

Also triggered by:

  • ✅ "查看策略详情"
  • ✅ "获取风险实例"
  • ✅ "巡检结果详情"
  • ✅ "腾讯云风险评估"

Will NOT Trigger

  • ❌ "检查我的阿里云风险" (different product)
  • ❌ "我的阿里云状态" (different product)

Default Behavior Explained

Why High and Medium Only?

By default, this skill:

  • Shows High and Medium priority risks
  • Hides Critical, Low, and Info risks
  • Shows "Healthy" when no High/Medium risks found

Rationale:

  • High and Medium risks are most actionable
  • Critical risks are rare but require immediate attention
  • Low and Info risks don't need immediate action
  • Reduces information overload

How to View All Levels:

bash
# View all risk levels
python3 scripts/get_risks.py --level all

# View only Critical risks
python3 scripts/get_risks.py --level Critical

# View only Low and Info risks
python3 scripts/get_risks.py --level 3 4

Troubleshooting

Authentication Failed

code
Error: AuthFailure

Solution: Verify TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY.

Region Not Specified

code
Error: MissingRegion

Solution: Set TENCENTCLOUD_REGION or use --region.

No Risks Found

code
No risks found.

Solution: Try --healthy-only to see "Healthy" status, or check if resources are configured.

References