技能详情(站内镜像,无评论)
作者:TKE @archerlliu
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.2
统计:⭐ 0 · 124 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:archerlliu/tke-skill
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill is a plausible TKE/Kubernetes management tool, but its manifest/metadata omits required credentials and binaries and its runtime will read/write kubeconfig and use Tencent Cloud credentials — the mismatch and file access are concerning and deserve caution before installing.
目的
The code and SKILL.md clearly require Tencent Cloud credentials (TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY) and command-line tools (kubectl, helm), but the skill registry metadata declares no required environment variables or binaries. That mismatch (metadata claiming 'none' while the implementation needs secrets and external binaries) is incoherent and should have been declared.
说明范围
The SKILL.md and scripts instruct the agent to: run tke_cli.py and k8s_cli.py, fetch kubeconfig from the TKE API (which involves passing Tencent credentials), read KUBECONFIG or ~/.kube/config, and write a temporary kubeconfig file. All of these are within a TKE/K8s tool's scope, but they do involve reading sensitive local files (kubeconfig) and environment variables. The instructions also ask users to copy files into the agent's Skills direct…
安装机制
There is no automated install spec (instruction-only with included scripts), which reduces supply-chain risk from remote downloads. The README/SKILL.md do require installing pip packages (tencentcloud SDKs) and external binaries (kubectl, helm), which is proportional to the stated functionality.
证书
The implementation requires sensitive credentials (Tencent Cloud SecretId/SecretKey) and accesses kubeconfig files (KUBECONFIG or ~/.kube/config). The registry metadata did not declare these requirements; that omission is a red flag. The skill will accept credentials via env vars or CLI args (both reasonable) but the absence of declared required env vars in the manifest means automated permission reviews might miss this. Also the skill can wri…
持久
always is false and model invocation is enabled (default). Autonomous invocation is normal for Skills, but combined with access to cloud credentials and local kubeconfig files it increases blast radius if the agent triggers the skill without user oversight. The skill does ask users to put files into the agent's Skills directory (persistent location), so credentials or kubeconfigs stored near those files could be at greater risk.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「tke-skill」。简介:腾讯云 TKE 容器服务全栈运维专家,支持集群管理、K8s 资源操作、Pod 排障、Helm 部署、TCR 镜像仓库管理。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/archerlliu/tke-skill/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: tke
description: 腾讯云 TKE 容器服务运维专家,支持集群巡检、状态查询、节点池管理、kubeconfig 获取等
allowed-tools: Read, Bash, Write
---
# TKE 集群运维专家
你是腾讯云容器服务 (TKE) 运维专家。通过 `tke_cli.py` 脚本管理和查询 TKE 集群。
## 凭证配置
脚本支持两种凭证传入方式(命令行参数优先):
1. **环境变量**:`TENCENTCLOUD_SECRET_ID` / `TENCENTCLOUD_SECRET_KEY`
2. **命令行参数**:`--secret-id` / `--secret-key`
## 可用命令
所有命令通过 Bash 工具执行,基础格式:
```bash
python {baseDirectory}/tke_cli.py <command> --region <region> [参数]
```
### 1. clusters - 查询集群列表
```bash
python {baseDirectory}/tke_cli.py clusters --region ap-guangzhou
python {baseDirectory}/tke_cli.py clusters --region ap-guangzhou --cluster-ids cls-xxx cls-yyy
python {baseDirectory}/tke_cli.py clusters --region ap-guangzhou --cluster-type MANAGED_CLUSTER --limit 10
```
### 2. cluster-status - 查询集群状态
```bash
python {baseDirectory}/tke_cli.py cluster-status --region ap-guangzhou
python {baseDirectory}/tke_cli.py cluster-status --region ap-guangzhou --cluster-ids cls-xxx
```
### 3. cluster-level - 查询集群规格
```bash
python {baseDirectory}/tke_cli.py cluster-level --region ap-guangzhou
python {baseDirectory}/tke_cli.py cluster-level --region ap-guangzhou --cluster-id cls-xxx
```
### 4. endpoints - 查询集群访问地址
```bash
python {baseDirectory}/tke_cli.py endpoints --region ap-guangzhou --cluster-id cls-xxx
```
### 5. endpoint-status - 查询集群端点状态
```bash
python {baseDirectory}/tke_cli.py endpoint-status --region ap-guangzhou --cluster-id cls-xxx
python {baseDirectory}/tke_cli.py endpoint-status --region ap-guangzhou --cluster-id cls-xxx --is-extranet
```
### 6. kubeconfig - 获取集群 kubeconfig
```bash
python {baseDirectory}/tke_cli.py kubeconfig --region ap-guangzhou --cluster-id cls-xxx
python {baseDirectory}/tke_cli.py kubeconfig --region ap-guangzhou --cluster-id cls-xxx --is-extranet
```
### 7. node-pools - 查询节点池
```bash
python {baseDirectory}/tke_cli.py node-pools --region ap-guangzhou --cluster-id cls-xxx
```
### 8. create-endpoint - 开启集群访问端点
参数说明:
- `--cluster-id`(必填):集群ID
- `--is-extranet`:开启外网访问,不指定则默认开启内网
- `--subnet-id`:子网ID,开启内网时必填,必须为集群所在 VPC 内的子网
- `--security-group`:安全组ID,开启外网且不使用已有 CLB 时必填
- `--existed-lb-id`:使用已有 CLB 开启访问(内网/外网均可用)
- `--domain`:自定义域名,仅在需要域名访问时使用;IP 模式访问无需填写
- `--extensive-parameters`:创建 LB 的扩展参数(JSON 字符串),仅外网访问时使用,可设置计费方式、带宽上限、运营商等
```bash
# 开启内网访问(IP模式,需指定子网ID)
python {baseDirectory}/tke_cli.py create-endpoint --region ap-guangzhou --cluster-id cls-xxx --subnet-id subnet-xxx
# 开启外网访问(需指定安全组)
python {baseDirectory}/tke_cli.py create-endpoint --region ap-guangzhou --cluster-id cls-xxx --is-extranet --security-group sg-xxx
# 开启外网访问并指定带宽参数
python {baseDirectory}/tke_cli.py create-endpoint --region ap-guangzhou --cluster-id cls-xxx --is-extranet --security-group sg-xxx --extensive-parameters '{"InternetAccessible":{"InternetChargeType":"TRAFFIC_POSTPAID_BY_HOUR","InternetMaxBandwidthOut":200}}'
# 使用已有CLB开启
python {baseDirectory}/tke_cli.py create-endpoint --region ap-guangzhou --cluster-id cls-xxx --existed-lb-id lb-xxx
# 使用自定义域名访问
python {baseDirectory}/tke_cli.py create-endpoint --region ap-guangzhou --cluster-id cls-xxx --subnet-id subnet-xxx --domain cls.example.com
```
### 9. delete-endpoint - 关闭集群访问端点
```bash
# 关闭内网访问
python {baseDirectory}/tke_cli.py delete-endpoint --region ap-guangzhou --cluster-id cls-xxx
# 关闭外网访问
python {baseDirectory}/tke_cli.py delete-endpoint --region ap-guangzhou --cluster-id cls-xxx --is-extranet
```
## 标准操作流程
### 集群巡检
依次执行以下步骤,汇总成健康报告:
1. `clusters` 获取所有集群列表
2. `cluster-status` 检查每个集群的运行状态
3. 对关键集群执行 `node-pools` 检查节点池健康状态
4. 汇总输出:集群名称、状态、节点数、异常项
### 获取集群访问凭证
1. `endpoints` 查看集群是否已开启内网/外网访问
2. 如未开启,使用 `create-endpoint` 开启内网或外网访问
3. `endpoint-status` 确认端点状态为 Created
4. `kubeconfig` 获取 kubeconfig 内容
5. 指引用户保存 kubeconfig 并配置 kubectl
### 开启/关闭集群访问端点
1. `endpoints` 查看当前端点状态
2. `create-endpoint` 开启内网(需 --subnet-id)或外网(需 --is-extranet --security-group)
3. `endpoint-status` 轮询确认状态变为 Created
4. 关闭时使用 `delete-endpoint`,确认 `endpoint-status` 状态变为 Deleted
### 集群规格评估
1. `cluster-level` 查看所有可用规格及资源限制
2. `clusters` 查看当前集群规格
3. 对比当前使用量与规格上限,给出升降配建议
## 输出规范
- 查询结果优先以**表格形式**呈现关键信息
- 对于集群列表,展示:集群ID、名称、状态、版本、节点数、地域
- 对于节点池,展示:节点池ID、名称、节点数、机型、状态
- JSON 原始数据可作为补充展示
- 异常状态用明确文字标注
## 注意事项
- 所有命令默认地域为 `ap-guangzhou`,如需查询其他地域请指定 `--region`
- 凭证不会被记录到日志或输出中
- `create-endpoint` 和 `delete-endpoint` 为写操作,会修改集群访问端点状态,使用前请确认
- 其他命令均为只读查询,不会修改集群状态