Tencent Cloud Smart Advisor
Overview
This skill enables OpenClaw to inspect Tencent Cloud infrastructure risks through the Smart Advisor service, with complete access to inspection rules and risk results. It supports both viewing inspection strategies (rules) and fetching actual risk instances with details. All remediation actions require explicit user confirmation before execution.
API Capabilities
1. DescribeStrategies (Inspection Rules)
Fetches inspection strategies (rules) that define risk checks:
- Strategy ID and name
- Risk descriptions and conditions
- Risk levels (1-4: High, Medium, Low, Info)
- Product categories (CVM, CLB, COS, etc.)
- Repair suggestions
- Grouping and categorization
2. DescribeTaskStrategyRisks (Risk Results)
Fetches actual risk instances from inspection:
- Risk details and resource IDs
- Risk levels and durations
- Applicable resources and their status
- Advice for remediation
- Configurable filtering by level, product, and status
Prerequisites
1. Tencent Cloud Credentials
Users must configure Tencent Cloud Access Key (AK) and Secret Key (SK) securely:
# Recommended: Environment variables
export TENCENTCLOUD_SECRET_ID="your-secret-id"
export TENCENTCLOUD_SECRET_KEY="your-secret-key"
export TENCENTCLOUD_REGION="ap-guangzhou"
⚠️ Security Warning: Never hardcode credentials. Always use environment variables.
2. Install Dependencies
Install tencentcloud SDK and tccli:
# Install SDK
pip3 install tencentcloud-sdk-python
# Install tccli
pip3 install tccli
# Verify installation
python3 -c "from tencentcloud.common import credential; print('SDK OK')"
tccli version
Available Scripts
get_strategies.py
Fetches inspection strategies (rules) from Smart Advisor.
Usage:
python3 scripts/get_strategies.py [--region REGION] [--group-id GROUP_ID] [--level LEVEL]
Parameters:
- --region: Tencent Cloud region (e.g., ap-guangzhou)
- --group-id: Filter by group ID (e.g., 1 for Reliability)
- --level: Filter by risk level (1: High, 2: Medium, 3: Low, 4: Info)
Output:
[
  {
    "strategyId": 131,
    "name": "云数据库跨可用区部署",
    "desc": "检查 Redis 实例是否跨可用区部署",
    "product": "redis",
    "groupId": 2,
    "groupName": "可靠",
    "conditions": [
      {
        "conditionId": 178,
        "level": 2,
        "levelDesc": "中风险",
        "desc": "Redis 实例未跨可用区部署"
      }
    ]
  }
]
Example Output:
| Strategy ID | Product | Group | Name | Description |
|-------------|---------|-------|------|-------------|
| 131 | redis | 可靠 | 云数据库跨可用区部署 | 检查 Redis 实例是否跨可用区部署... |

Strategies Summary
=======================
Total Strategies: 2
By Risk Level:
  High (1): 1
  Medium (2): 1
  Low (3): 0
  Info (4): 0
By Group:
  可靠: 2
  安全: 0
get_risks.py
Fetches actual risk instances from Smart Advisor inspection.
Usage:
python3 scripts/get_risks.py [--region REGION] [--level LEVEL] [--product PRODUCT] [--healthy-only]
Parameters:
- --region: Tencent Cloud region
- --level: Filter by risk level (Critical, High, Medium, Low, Info, all)
- --product: Filter by product name
- --healthy-only: Show "Healthy" status when no High/Medium risks found
Default Behavior:
- Only shows High and Medium priority risks
- Filters out Critical and Low risks by default
- Shows "Healthy" status when no High/Medium risks found
- User can still access all levels with --level all
Output:
[
  {
    "riskId": "risk-001",
    "level": "High",
    "levelDesc": "高风险",
    "product": "CVM",
    "resourceType": "Instance",
    "resourceId": "ins-xxx",
    "riskType": "Security Group",
    "suggestion": "Remove port 22 from public access",
    "status": "Pending",
    "lastUpdateTime": "2026-02-09T14:30:00Z"
  }
]
Example Output:
| Level | Level Desc | Risk Type | Resource | Suggestion |
|-------|-----------|-----------|----------|------------|
| High | 高风险 | Security Group | ins-xxx | Remove port 22 from public access |
| Medium | 中风险 | SSL Certificate | lb-xxx | Update expired certificate |

Risk Summary
=======================
Total Risks: 2
High: 1
Medium: 1
Low: 0
Info: 0
get_full_inspection.py
Combined script that fetches both strategies and risk instances.
Usage:
python3 scripts/get_full_inspection.py --show-strategies [--region REGION] [--strategy-id STRATEGY_ID] [--level LEVEL] [--product PRODUCT] [--healthy-only]
Parameters:
- --show-strategies: Show inspection strategies (rules)
- --region: Tencent Cloud region
- --strategy-id: Filter by strategy ID
- --level: Filter by risk level (1-4)
- --product: Filter by product name
- --healthy-only: Show "Healthy" when no High/Medium risks
Output: Displays both strategies and risk instances with detailed summaries.
fix_risk.py
Executes a tccli command to fix a specific risk.
Usage:
python3 scripts/fix_risk.py --risk-id <risk-id> --command "<tccli-command>"
Parameters:
- --risk-id: The risk ID being fixed (for logging)
- --command: The tccli command to execute
Workflow
Step 1: Get Inspection Strategies
Use get_strategies.py to view available inspection rules:
python3 scripts/get_strategies.py --level 1
This shows which rules will be checked during inspection.
Step 2: Get Risk Instances
Use get_risks.py to fetch actual risk results:
# Default: Only High and Medium risks
python3 scripts/get_risks.py
# Show Healthy status
python3 scripts/get_risks.py --healthy-only
# Get all risk levels
python3 scripts/get_risks.py --level all
# Get Critical risks only
python3 scripts/get_risks.py --level Critical
Default Filtering: By default, only High (高风险) and Medium (中风险) are shown. This focuses on actionable risks while avoiding information overload.
Step 3: Combined Inspection
Use get_full_inspection.py for comprehensive analysis:
# Show strategies and High/Medium risks
python3 scripts/get_full_inspection.py --show-strategies
# Show strategies and all risks
python3 scripts/get_full_inspection.py --show-strategies --level all
Step 4: Analyze and Prioritize
When presenting risks:
- Group by risk level - Show High risks first, then Medium risks
- Show "Healthy" status - If no High/Medium risks found, display "Healthy" status
- Clarify priority - Ask user which risks to address
- Show strategy context - Reference the rule that detected the risk
Example Interaction:
User: Check my Tencent Cloud risks

Codex: [Running get_risks.py]
Found 5 high risks and 12 medium risks.
Status: 7 products healthy, 3 products with issues.

| Level | Product | Risk Type | Resource | Suggestion |
|-------|---------|-----------|----------|------------|
| High | CVM | Security Group | ins-xxx | Remove port 22 from public access |
| Medium | CLB | SSL Certificate | lb-xxx | Update expired certificate |

User: Show the inspection rules

Codex: [Running get_strategies.py]
Showing 10 inspection rules:

| Strategy ID | Product | Group | Name | Description |
|-------------|---------|-------|------|-------------|
| 131 | redis | 可靠 | 跨可用区部署 | 检查 Redis 实例是否... |
| 235 | redis | 可靠 | 使用基础网络 | 检查 Redis 网络类型... |

User: Fix the first risk

Codex: To fix this risk, I will run:
tccli cfw ModifySecurityGroupRule --RuleId sg-rule-xxx --Action accept
This will modify the security group rule to allow the specified traffic.
This risk belongs to strategy: 云数据库跨可用区部署
Detection condition: Redis 实例未跨可用区部署
Risk level: 中风险
Do you want me to execute this command? (yes/no)

User: yes

Codex: [Executes fix_risk.py]
✅ Successfully fixed risk-001. The security group rule has been modified.

User: Generate a report

Codex: [Generates report in Markdown format]
[Shows complete remediation report]
Step 5: Generate Report
Generate comprehensive reports with both strategies and risks.
Risk Levels
| Level | Priority | Description | Default Display |
|---|---|---|---|
| Critical | P0 | Critical security or availability risk | Hidden (use --level Critical) |
| High | P1 | Important security or configuration risk | ✅ Shown by default |
| Medium | P2 | Medium risk | ✅ Shown by default |
| Low | P3 | Low risk | Hidden (use --level all) |
| Info | P4 | Informational notice | Hidden (use --level all) |
| Healthy | N/A | Resource is healthy, no issues | ✅ Shown when no High/Medium found |
Note: By default, only High and Medium risks are displayed to focus on actionable items. Use --level all to see all risk levels.
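As an added example (not the skill's own get_risks.py), the code below applies the default filter described above to records shaped like the get_risks.py output and also counts the records the filter hides, so a "Healthy" result can be read next to any hidden Critical findings. The function name, the `healthy`/`hidden` return fields and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

ALL_LEVELS = ("Critical", "High", "Medium", "Low", "Info")
DEFAULT_LEVELS = ("High", "Medium")  # "Shown by default" in the Risk Levels table

def select_risks(risks, level=None):
    """Filter records shaped like get_risks.py output (hypothetical helper).

    level=None -> High and Medium; "all" -> every level; otherwise one level.
    """
    if level is None:
        wanted = DEFAULT_LEVELS
    elif level == "all":
        wanted = ALL_LEVELS
    elif level in ALL_LEVELS:
        wanted = (level,)
    else:
        raise ValueError(f"unknown level: {level!r}")
    # Present higher levels first, as the workflow asks.
    shown = sorted((r for r in risks if r["level"] in wanted),
                   key=lambda r: ALL_LEVELS.index(r["level"]))
    # Count what the filter hides so it is visible next to the status.
    hidden = Counter(r["level"] for r in risks if r["level"] not in wanted)
    # The page defines "Healthy" as: no High/Medium risks found.
    healthy = not any(r["level"] in DEFAULT_LEVELS for r in risks)
    return {"healthy": healthy, "shown": shown, "hidden": dict(hidden)}

# Constructed sample records (not real inspection data).
SAMPLE = [
    {"riskId": "risk-002", "level": "Medium", "product": "CLB", "resourceId": "lb-xxx"},
    {"riskId": "risk-003", "level": "Critical", "product": "COS", "resourceId": "bucket-xxx"},
    {"riskId": "risk-001", "level": "High", "product": "CVM", "resourceId": "ins-xxx"},
    {"riskId": "risk-004", "level": "Low", "product": "CVM", "resourceId": "ins-yyy"},
]

if __name__ == "__main__":
    result = select_risks(SAMPLE)
    print([r["riskId"] for r in result["shown"]], result["hidden"])
    print(select_risks([SAMPLE[1]]))  # only a Critical record: healthy, 1 hidden
```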
Safety Guidelines
⚠️ Critical Rules
- User confirmation is mandatory - Never execute remediation commands without explicit yes/no confirmation
- Read-only operations are safe - You can query and analyze freely without confirmation
- Write operations require approval - Any tccli command that modifies resources must be confirmed
- Test in non-production first - Advise users to test in a safe environment if available
- Keep audit trail - Log all executed commands for review
When to Decline
If user requests automatic or unconfirmed remediation, respond:
"I cannot execute remediation commands without your explicit confirmation. Please review the proposed fixes and confirm each action."
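One way to enforce the rules above before fix_risk.py runs anything, as an added example that is not the skill's own code: the gate parses the proposed command into an argument list, accepts only `tccli <service> <Action>` invocations, lets read-only actions through, requires an explicit "yes" for everything else, and records every decision. The function name, the audit record fields, the in-memory log and the rule that read-only actions start with "Describe" are assumptions.

```python
import shlex
from datetime import datetime, timezone

# Assumption: read-only API actions are recognised by the "Describe" prefix,
# as in DescribeStrategies and DescribeTaskStrategyRisks.
READ_ONLY_PREFIXES = ("Describe",)
SHELL_META = set(";|&`$<>\n")

def gate_command(risk_id, command, confirmation, audit_log):
    """Decide whether a proposed tccli command may run. Never executes it.

    Returns (allowed, argv). argv is meant for subprocess.run(argv) without
    a shell. Every decision, allowed or not, is appended to audit_log.
    """
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        argv = []
    read_only = len(argv) >= 3 and argv[2].startswith(READ_ONLY_PREFIXES)
    confirmed = confirmation.strip().lower() == "yes"

    if len(argv) < 3 or argv[0] != "tccli":
        reason = "not a 'tccli <service> <Action>' command"
    elif SHELL_META & set(command):
        reason = "shell metacharacter in command"
    elif not (read_only or confirmed):
        reason = "write operation without explicit 'yes'"
    else:
        reason = None

    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "risk_id": risk_id,
        "argv": argv,
        "read_only": read_only,
        "confirmed": confirmed,
        "allowed": reason is None,
        "reason": reason,
    })
    return reason is None, argv

# Constructed sample: the write command from the example interaction.
AUDIT = []
FIX = "tccli cfw ModifySecurityGroupRule --RuleId sg-rule-xxx --Action accept"

if __name__ == "__main__":
    print(gate_command("risk-001", FIX, "no", AUDIT)[0])
    print(gate_command("risk-001", FIX, "yes", AUDIT)[0])
```

Refused attempts are logged as well as approved ones, so the audit trail shows what was proposed and why it did not run.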
Scripts
get_strategies.py
Fetches inspection strategies (rules) from Smart Advisor.
Features:
- View all inspection rules
- Filter by risk level
- Filter by group ID
- Understand what will be checked
- See risk conditions and repair suggestions
get_risks.py
Fetches actual risk instances from Smart Advisor.
Features:
- Default: Show only High and Medium risks
- Show "Healthy" status when no High/Medium risks
- Filter by level, product
- JSON or table output
get_full_inspection.py
Combined inspection with strategies and risks.
Features:
- Show inspection strategies (optional)
- Show risk instances with details
- Default filtering (High/Medium only)
- Combined summary view
fix_risk.py
Executes tccli command to fix a specific risk.
Features:
- Execute any tccli command
- Log risk ID and command
- Report execution result
- Safe and audited
Agent Triggering
Primary Triggers
OpenClaw agent will prioritize this skill when user asks about:
- ✅ "检查我的腾讯云风险"
- ✅ "腾讯云智能顾问巡检"
- ✅ "查看我的腾讯云资源风险"
- ✅ "检查腾讯云安全问题"
- ✅ "检查腾讯云配置问题"
- ✅ "获取腾讯云High和Medium风险"
- ✅ "腾讯云健康状态检查"
- ✅ "显示腾讯云巡检规则"
- ✅ "获取腾讯云巡检规则"
- ✅ "腾讯云风险分析"
- ✅ "腾讯云基础设施风险检查"
Secondary Triggers
Also triggered by:
- ✅ "查看策略详情"
- ✅ "获取风险实例"
- ✅ "巡检结果详情"
- ✅ "腾讯云风险评估"
Will NOT Trigger
- ❌ "检查我的阿里云风险" (different product)
- ❌ "我的阿里云状态" (different product)
Default Behavior Explained
Why High and Medium Only?
By default, this skill:
- Shows High and Medium priority risks
- Hides Critical, Low, and Info risks
- Shows "Healthy" when no High/Medium risks found
Rationale:
- High and Medium risks are most actionable
- Critical risks are rare but require immediate attention
- Low and Info risks don't need immediate action
- Reduces information overload
How to View All Levels:
# View all risk levels
python3 scripts/get_risks.py --level all
# View only Critical risks
python3 scripts/get_risks.py --level Critical
# View only Low and Info risks
python3 scripts/get_risks.py --level 3 4
Troubleshooting
Authentication Failed
Error: AuthFailure
Solution: Verify TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY.
Region Not Specified
Error: MissingRegion
Solution: Set TENCENTCLOUD_REGION or use --region.
No Risks Found
No risks found.
Solution: Try --healthy-only to see "Healthy" status, or check if resources are configured.
References
- references/risk_fixes.md - Detailed fix guide
- references/advisor_api.md - API reference (updated)
- references/tccli_guide.md - tccli usage guide