{ "schemaVersion": "1.0", "item": { "slug": "azure", "name": "Azure", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/ivangdavila/azure", "canonicalUrl": "https://clawhub.ai/ivangdavila/azure", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/azure", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=azure", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/azure" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/azure", "agentPageUrl": "https://openagent3.xyz/skills/azure/agent", "manifestUrl": "https://openagent3.xyz/skills/azure/agent.json", "briefUrl": "https://openagent3.xyz/skills/azure/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Cost Traps", "body": "Stopped VMs still pay for attached disks and public IPs — deallocate fully with az vm deallocate not just stop from portal\nPremium SSD default on VM creation — switch to Standard SSD for dev/test, saves 50%+\nLog Analytics workspace retention defaults to 30 days free, then charges per GB — set data retention policy and daily cap before production\nBandwidth between regions is charged both ways — keep paired resources in same region, use Private Link for cross-region when needed\nCosmos DB charges for provisioned RU/s even when idle — use serverless for bursty workloads or autoscale with minimum RU setting" }, { "title": "Security Rules", "body": "Resource Groups don't provide network isolation — NSGs and Private Endpoints do. RG is for management, not security boundary\nManaged Identity eliminates secrets for Azure-to-Azure auth — use System Assigned for single-resource, User Assigned for shared identity\nKey Vault soft-delete enabled by default (90 days) — can't reuse vault name until purged, plan naming accordingly\nAzure AD conditional access policies don't apply to service principals — use App Registrations with certificate auth, not client secrets\nPrivate Endpoints don't automatically update DNS — configure Private DNS Zone and link to VNet or resolution fails" }, { "title": "Networking", "body": "NSG rules evaluate by priority (lowest number first) — default rules at 65000+ always lose to custom rules\nApplication Gateway v2 requires dedicated subnet — at least /24 recommended for autoscaling\nAzure Firewall premium SKU required for TLS inspection and IDPS — standard can't inspect encrypted traffic\nVNet peering is non-transitive — hub-and-spoke requires routes in each spoke, or use Azure Virtual WAN\nService Endpoints expose entire service to VNet — Private Endpoints give private IP for specific resource instance" }, { "title": "Performance", "body": "Azure Functions consumption plan has cold start — Premium plan with minimum instances for latency-sensitive\nCosmos DB partition key choice is permanent and determines scale — can't change without recreating container\nApp Service plan density: P1v3 handles ~10 slots, more causes resource contention — monitor CPU/memory per slot\nAzure Cache for Redis Standard tier has no SLA for replication — use Premium for persistence and clustering\nBlob storage hot tier for frequent access — cool has 30-day minimum, archive has 180-day and hours-long rehydration" }, { "title": "Monitoring", "body": "Application Insights sampling kicks in at high volume — telemetry may miss intermittent errors, adjust MaxTelemetryItemsPerSecond\nAzure Monitor alert rules charge per metric tracked — consolidate metrics in Log Analytics for complex alerts\nActivity Log only shows control plane operations — diagnostic settings required for data plane (blob access, SQL queries)\nAlert action groups have rate limits — 1 SMS per 5 min, 1 voice call per 5 min, 100 emails per hour per group\nLog Analytics query timeout is 10 minutes — optimize queries with time filters first, then other predicates" }, { "title": "Infrastructure as Code", "body": "ARM templates fail silently on some property changes — use what-if deployment mode to preview changes\nTerraform azurerm provider state contains secrets in plaintext — use remote backend with encryption (Azure Storage + customer key)\nBicep is ARM's replacement — transpiles to ARM, better tooling, use for new projects\nResource locks prevent accidental deletion but block some operations — CanNotDelete lock still allows modifications\nAzure Policy evaluates on resource creation and updates — existing non-compliant resources need remediation task" }, { "title": "Identity and Access", "body": "RBAC role assignments take up to 30 minutes to propagate — pipeline may fail immediately after assignment\nOwner role can't manage role assignments if PIM requires approval — use separate User Access Administrator\nService principal secret expiration defaults to 1 year — set calendar reminder or use certificate with longer validity\nAzure AD B2C is separate from Azure AD — different tenant, different APIs, different pricing" } ], "body": "Azure Production Rules\nCost Traps\nStopped VMs still pay for attached disks and public IPs — deallocate fully with az vm deallocate not just stop from portal\nPremium SSD default on VM creation — switch to Standard SSD for dev/test, saves 50%+\nLog Analytics workspace retention defaults to 30 days free, then charges per GB — set data retention policy and daily cap before production\nBandwidth between regions is charged both ways — keep paired resources in same region, use Private Link for cross-region when needed\nCosmos DB charges for provisioned RU/s even when idle — use serverless for bursty workloads or autoscale with minimum RU setting\nSecurity Rules\nResource Groups don't provide network isolation — NSGs and Private Endpoints do. RG is for management, not security boundary\nManaged Identity eliminates secrets for Azure-to-Azure auth — use System Assigned for single-resource, User Assigned for shared identity\nKey Vault soft-delete enabled by default (90 days) — can't reuse vault name until purged, plan naming accordingly\nAzure AD conditional access policies don't apply to service principals — use App Registrations with certificate auth, not client secrets\nPrivate Endpoints don't automatically update DNS — configure Private DNS Zone and link to VNet or resolution fails\nNetworking\nNSG rules evaluate by priority (lowest number first) — default rules at 65000+ always lose to custom rules\nApplication Gateway v2 requires dedicated subnet — at least /24 recommended for autoscaling\nAzure Firewall premium SKU required for TLS inspection and IDPS — standard can't inspect encrypted traffic\nVNet peering is non-transitive — hub-and-spoke requires routes in each spoke, or use Azure Virtual WAN\nService Endpoints expose entire service to VNet — Private Endpoints give private IP for specific resource instance\nPerformance\nAzure Functions consumption plan has cold start — Premium plan with minimum instances for latency-sensitive\nCosmos DB partition key choice is permanent and determines scale — can't change without recreating container\nApp Service plan density: P1v3 handles ~10 slots, more causes resource contention — monitor CPU/memory per slot\nAzure Cache for Redis Standard tier has no SLA for replication — use Premium for persistence and clustering\nBlob storage hot tier for frequent access — cool has 30-day minimum, archive has 180-day and hours-long rehydration\nMonitoring\nApplication Insights sampling kicks in at high volume — telemetry may miss intermittent errors, adjust MaxTelemetryItemsPerSecond\nAzure Monitor alert rules charge per metric tracked — consolidate metrics in Log Analytics for complex alerts\nActivity Log only shows control plane operations — diagnostic settings required for data plane (blob access, SQL queries)\nAlert action groups have rate limits — 1 SMS per 5 min, 1 voice call per 5 min, 100 emails per hour per group\nLog Analytics query timeout is 10 minutes — optimize queries with time filters first, then other predicates\nInfrastructure as Code\nARM templates fail silently on some property changes — use what-if deployment mode to preview changes\nTerraform azurerm provider state contains secrets in plaintext — use remote backend with encryption (Azure Storage + customer key)\nBicep is ARM's replacement — transpiles to ARM, better tooling, use for new projects\nResource locks prevent accidental deletion but block some operations — CanNotDelete lock still allows modifications\nAzure Policy evaluates on resource creation and updates — existing non-compliant resources need remediation task\nIdentity and Access\nRBAC role assignments take up to 30 minutes to propagate — pipeline may fail immediately after assignment\nOwner role can't manage role assignments if PIM requires approval — use separate User Access Administrator\nService principal secret expiration defaults to 1 year — set calendar reminder or use certificate with longer validity\nAzure AD B2C is separate from Azure AD — different tenant, different APIs, different pricing" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ivangdavila/azure", "publisherUrl": "https://clawhub.ai/ivangdavila/azure", "owner": "ivangdavila", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/azure", "downloadUrl": "https://openagent3.xyz/downloads/azure", "agentUrl": "https://openagent3.xyz/skills/azure/agent", "manifestUrl": "https://openagent3.xyz/skills/azure/agent.json", "briefUrl": "https://openagent3.xyz/skills/azure/agent.md" } }