alibabacloud-openclaw-ecs-dingtalk

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Deploy OpenClaw on ECS with DingTalk Integration

在ECS上部署OpenClaw并集成钉钉

Deploy OpenClaw AI agent platform on an Alibaba Cloud ECS instance with one click, configure Alibaba Cloud Bailian LLM, and connect to a DingTalk group via a DingTalk bot, enabling users to chat with AI directly in DingTalk.

Source: This Skill is based on Alibaba Cloud official documentation and OpenClaw open-source project documentation. See reference links at the end.
Version: This Skill is written for OpenClaw March 2026 release and the
@dingtalk-real-ai/dingtalk-connector
plugin, verified on 2026-03-11.

一键在阿里云ECS实例上部署OpenClaw AI agent平台，配置阿里云百炼（Bailian）大模型，通过钉钉机器人接入钉钉群，让用户可以直接在钉钉内与AI聊天。

来源：本Skill基于阿里云官方文档和OpenClaw开源项目文档编写，参考链接见文末。
版本：本Skill针对OpenClaw 2026年3月版本和
@dingtalk-real-ai/dingtalk-connector
插件编写，于2026-03-11完成验证。

Parameter Collection

参数收集

Before execution, prompt the user to provide all required parameters in a single message. Do not proceed until all required parameters are received and confirmed.

执行前，请提示用户在单条消息中提供所有必填参数。在收到并确认所有必填参数前，请勿继续操作。

Input Validation

输入校验

Validate all user inputs before use to prevent command injection. Reject inputs containing shell special characters (

, backticks, parentheses, brackets, newlines). Parameters must match expected formats:

```
region
```
:
```
cn-[a-z]+
```
,
```
ap-[a-z]+
```
,
```
us-[a-z]+
```
etc.
```
instance_type
```
:
```
ecs.[a-z0-9]+.[a-z0-9]+
```

vpc_id/vswitch_id/security_group_id

vpc-/vsw-/sg-[a-z0-9]+

```
dingtalk_client_id
```
:
```
ding[a-z0-9]+
```
```
dingtalk_client_secret
```
: 16-64 alphanumeric chars

When passing parameters to Cloud Assistant

RunCommand

, use base64 encoding for sensitive values.

使用前请校验所有用户输入，防止命令注入。拒绝包含shell特殊字符（

、

、反引号、括号、方括号、换行符）的输入。参数必须符合预期格式：

```
region
```
：
```
cn-[a-z]+
```
、
```
ap-[a-z]+
```
、
```
us-[a-z]+
```
等
```
instance_type
```
：
```
ecs.[a-z0-9]+.[a-z0-9]+
```

vpc_id/vswitch_id/security_group_id

：

vpc-/vsw-/sg-[a-z0-9]+

```
dingtalk_client_id
```
：
```
ding[a-z0-9]+
```
```
dingtalk_client_secret
```
：16-64位字母数字组合

向云助手

RunCommand

传递参数时，敏感值请使用base64编码。

ECS Instance Parameters

ECS实例参数

Parameter	Required	Description	Example
`region`	Yes	Deployment region	`cn-hangzhou`
`instance_type`	No	ECS instance type (default: `ecs.c6.large` , 2 vCPU 4 GB)	`ecs.c6.large`
`image_id`	No	OS image (default: Ubuntu 22.04)	Auto-selected
`vpc_id`	No	Existing VPC ID (auto-created if not provided)	`vpc-xxx`
`vswitch_id`	No	Existing VSwitch ID (auto-created if not provided)	`vsw-xxx`
`security_group_id`	No	Existing Security Group ID (auto-created if not provided)	`sg-xxx`

参数	是否必填	描述	示例
`region`	是	部署区域	`cn-hangzhou`
`instance_type`	否	ECS实例规格（默认： `ecs.c6.large` ，2 vCPU 4 GB）	`ecs.c6.large`
`image_id`	否	操作系统镜像（默认：Ubuntu 22.04）	自动选择
`vpc_id`	否	已有VPC ID（未提供则自动创建）	`vpc-xxx`
`vswitch_id`	否	已有VSwitch ID（未提供则自动创建）	`vsw-xxx`
`security_group_id`	否	已有安全组ID（未提供则自动创建）	`sg-xxx`

OpenClaw and Bailian Parameters

OpenClaw与百炼参数

The Bailian API Key (

bailian_api_key

) is automatically obtained via CLI during deployment (see Step 2). No manual console operation is needed. The Skill uses

aliyun maas

commands (ListWorkspaces + ListApiKeys/CreateApiKey) to retrieve or create an API Key programmatically.

Prerequisites: The user's Alibaba Cloud account must have the Bailian (Model Studio) service activated. If not activated, guide the user to visit Bailian Console to activate it first.

百炼API Key（

bailian_api_key

）会在部署过程中通过CLI自动获取（见步骤2），无需手动在控制台操作。本Skill使用

aliyun maas

命令（ListWorkspaces + ListApiKeys/CreateApiKey）以编程方式检索或创建API Key。

前提条件：用户的阿里云账号必须已开通百炼（Model Studio）服务。如果未开通，引导用户先访问百炼控制台开通服务。

DingTalk Integration Parameters

钉钉集成参数

Parameter	Required	Description	Example
`dingtalk_client_id`	Yes	DingTalk app Client ID	`dingxxxxxx`
`dingtalk_client_secret`	Yes	DingTalk app Client Secret	`xxxxxxxxxxxxx`

If the user has not created a DingTalk app, guide them to refer to the DingTalk App Setup Guide to create an app, configure the bot, add permissions, publish the app, and obtain credentials.

参数	是否必填	描述	示例
`dingtalk_client_id`	是	钉钉应用Client ID	`dingxxxxxx`
`dingtalk_client_secret`	是	钉钉应用Client Secret	`xxxxxxxxxxxxx`

如果用户还未创建钉钉应用，引导用户参考钉钉应用配置指南创建应用、配置机器人、添加权限、发布应用并获取凭证。

Execution Constraints

执行约束

Sensitive information masking: Mask middle portion of passwords, keys, tokens, IPs, instance IDs (e.g.,
```
ak****3d
```
,
```
i-bp1****7f2z
```
)
Input validation: Reject shell special characters (
```
;
```
,
```
|
```
,
```
&
```
,
```
$
```
, backticks, etc.). Use parameterized API calls
Command injection prevention: Encode sensitive values for Cloud Assistant RunCommand using base64
Network timeout: All curl/wget operations must include
```
--connect-timeout
```
and
```
--max-time
```
parameters
Execute steps in order; verify success after each step; inform user of current step
If any step fails, ask user for confirmation before continuing
Cloud Assistant
```
RunCommand
```
results: poll
```
DescribeInvocations
```
every 15+ seconds
Destructive operations: Confirm with user and verify resource state before deletion

敏感信息脱敏：对密码、密钥、令牌、IP、实例ID的中间部分进行脱敏（例如
```
ak****3d
```
、
```
i-bp1****7f2z
```
）
输入校验：拒绝包含shell特殊字符（
```
;
```
、
```
|
```
、
```
&
```
、
```
$
```
、反引号等）的输入，使用参数化API调用
命令注入防护：云助手RunCommand的敏感值使用base64编码
网络超时：所有curl/wget操作必须包含
```
--connect-timeout
```
和
```
--max-time
```
参数
按顺序执行步骤，每步完成后验证成功，告知用户当前执行步骤
若任何步骤失败，继续前需征求用户确认
云助手
```
RunCommand
```
结果：每15秒以上轮询一次
```
DescribeInvocations
```
破坏性操作：删除资源前需与用户确认并验证资源状态

Step 1: Create ECS Instance

步骤1：创建ECS实例

1.1 Verify Alibaba Cloud Account

1.1 验证阿里云账号

bash

aliyun sts GetCallerIdentity \
  --user-agent AlibabaCloud-Agent-Skills

bash

aliyun sts GetCallerIdentity \
  --user-agent AlibabaCloud-Agent-Skills

1.2 Check Zone Availability

1.2 检查可用区库存

Query which availability zones have stock for the target instance type to avoid creating resources in an unavailable zone:

bash

aliyun ecs DescribeAvailableResource \
  --RegionId ${region} \
  --DestinationResource InstanceType \
  --InstanceChargeType PostPaid \
  --InstanceType ${instance_type} \
  --user-agent AlibabaCloud-Agent-Skills

Select a zone where

StatusCategory

WithStock

from the result, record as

${zone_id}

查询目标实例规格在哪些可用区有库存，避免在不可用区域创建资源：

bash

aliyun ecs DescribeAvailableResource \
  --RegionId ${region} \
  --DestinationResource InstanceType \
  --InstanceChargeType PostPaid \
  --InstanceType ${instance_type} \
  --user-agent AlibabaCloud-Agent-Skills

从结果中选择

StatusCategory

为

WithStock

的可用区，记录为

${zone_id}

。

1.3 Create VPC and VSwitch (if not provided by user)

1.3 创建VPC和VSwitch（若用户未提供）

bash

undefined

bash

undefined

Create VPC

创建VPC

aliyun vpc CreateVpc
--RegionId ${region}
--VpcName openclaw-vpc
--CidrBlock 172.16.0.0/16
--user-agent AlibabaCloud-Agent-Skills

Create VSwitch (use the zone with stock found in the previous step)

创建VSwitch（使用上一步查到的有库存的可用区）

aliyun vpc CreateVSwitch
--RegionId ${region}
--VpcId ${vpc_id}
--VSwitchName openclaw-vswitch
--CidrBlock 172.16.0.0/24
--ZoneId ${zone_id}
--user-agent AlibabaCloud-Agent-Skills

undefined

aliyun vpc CreateVSwitch
--RegionId ${region}
--VpcId ${vpc_id}
--VSwitchName openclaw-vswitch
--CidrBlock 172.16.0.0/24
--ZoneId ${zone_id}
--user-agent AlibabaCloud-Agent-Skills

undefined

1.4 Create Security Group and Configure Rules

1.4 创建安全组并配置规则

bash

undefined

bash

undefined

Create security group

创建安全组

aliyun ecs CreateSecurityGroup
--RegionId ${region}
--VpcId ${vpc_id}
--SecurityGroupName openclaw-sg
--Description "Security group for OpenClaw"
--user-agent AlibabaCloud-Agent-Skills

Allow SSH (port 22)

放行SSH（22端口）

aliyun ecs AuthorizeSecurityGroup
--RegionId ${region}
--SecurityGroupId ${security_group_id}
--IpProtocol tcp
--PortRange 22/22
--SourceCidrIp 0.0.0.0/0
--user-agent AlibabaCloud-Agent-Skills

Allow HTTP (port 80) and HTTPS (port 443)

放行HTTP（80端口）和HTTPS（443端口）

aliyun ecs AuthorizeSecurityGroup
--RegionId ${region}
--SecurityGroupId ${security_group_id}
--IpProtocol tcp
--PortRange 80/80
--SourceCidrIp 0.0.0.0/0
--user-agent AlibabaCloud-Agent-Skills

aliyun ecs AuthorizeSecurityGroup
--RegionId ${region}
--SecurityGroupId ${security_group_id}
--IpProtocol tcp
--PortRange 443/443
--SourceCidrIp 0.0.0.0/0
--user-agent AlibabaCloud-Agent-Skills

undefined

aliyun ecs AuthorizeSecurityGroup
--RegionId ${region}
--SecurityGroupId ${security_group_id}
--IpProtocol tcp
--PortRange 80/80
--SourceCidrIp 0.0.0.0/0
--user-agent AlibabaCloud-Agent-Skills

aliyun ecs AuthorizeSecurityGroup
--RegionId ${region}
--SecurityGroupId ${security_group_id}
--IpProtocol tcp
--PortRange 443/443
--SourceCidrIp 0.0.0.0/0
--user-agent AlibabaCloud-Agent-Skills

undefined

1.5 Create ECS Instance

1.5 创建ECS实例

First, query the latest Ubuntu 22.04 system image ID in the target region:

bash

aliyun ecs DescribeImages \
  --RegionId ${region} \
  --OSType linux \
  --ImageOwnerAlias system \
  --ImageName "ubuntu_22_04*" \
  --Status Available \
  --PageSize 1 \
  --user-agent AlibabaCloud-Agent-Skills

Get the latest

ImageId

from the result, then create the instance (note: do not set

InternetMaxBandwidthOut

; public network access will be configured via EIP later):

bash

aliyun ecs RunInstances \
  --RegionId ${region} \
  --InstanceType ${instance_type} \
  --ImageId ${image_id} \
  --SecurityGroupId ${security_group_id} \
  --VSwitchId ${vswitch_id} \
  --SystemDisk.Category cloud_essd \
  --SystemDisk.Size 40 \
  --InstanceChargeType PostPaid \
  --InstanceName openclaw-server \
  --Amount 1 \
  --user-agent AlibabaCloud-Agent-Skills

首先查询目标区域最新的Ubuntu 22.04系统镜像ID：

bash

aliyun ecs DescribeImages \
  --RegionId ${region} \
  --OSType linux \
  --ImageOwnerAlias system \
  --ImageName "ubuntu_22_04*" \
  --Status Available \
  --PageSize 1 \
  --user-agent AlibabaCloud-Agent-Skills

从结果中获取最新的

ImageId

，然后创建实例（注意：不要设置

InternetMaxBandwidthOut

，后续将通过EIP配置公网访问）：

bash

aliyun ecs RunInstances \
  --RegionId ${region} \
  --InstanceType ${instance_type} \
  --ImageId ${image_id} \
  --SecurityGroupId ${security_group_id} \
  --VSwitchId ${vswitch_id} \
  --SystemDisk.Category cloud_essd \
  --SystemDisk.Size 40 \
  --InstanceChargeType PostPaid \
  --InstanceName openclaw-server \
  --Amount 1 \
  --user-agent AlibabaCloud-Agent-Skills

1.6 Configure Public Network Access (EIP)

1.6 配置公网访问（EIP）

Create an Elastic IP Address and bind it to the ECS instance with 100 Mbps bandwidth (OpenClaw installation requires downloading many npm packages):

bash

undefined

创建弹性公网IP并绑定到ECS实例，带宽配置为100 Mbps（OpenClaw安装需要下载大量npm包）：

bash

undefined

Create EIP (100 Mbps bandwidth)

创建EIP（100 Mbps带宽）

aliyun vpc AllocateEipAddress
--RegionId ${region}
--Bandwidth 100
--InternetChargeType PayByTraffic
--user-agent AlibabaCloud-Agent-Skills

Bind EIP to ECS instance

将EIP绑定到ECS实例

aliyun vpc AssociateEipAddress
--RegionId ${region}
--AllocationId ${eip_allocation_id}
--InstanceId ${instance_id}
--InstanceType EcsInstance
--user-agent AlibabaCloud-Agent-Skills


Record the EIP address for subsequent SSH connections and Cloud Assistant command execution.

aliyun vpc AssociateEipAddress
--RegionId ${region}
--AllocationId ${eip_allocation_id}
--InstanceId ${instance_id}
--InstanceType EcsInstance
--user-agent AlibabaCloud-Agent-Skills


记录EIP地址，用于后续SSH连接和云助手命令执行。

1.7 Start Instance and Wait for Running State

1.7 启动实例并等待运行状态

bash

undefined

bash

undefined

Start instance

启动实例

aliyun ecs StartInstance
--InstanceId ${instance_id}
--user-agent AlibabaCloud-Agent-Skills

Query instance status, confirm it is Running

查询实例状态，确认已处于Running状态

aliyun ecs DescribeInstances
--RegionId ${region}
--InstanceIds '["${instance_id}"]'
--user-agent AlibabaCloud-Agent-Skills

---

aliyun ecs DescribeInstances
--RegionId ${region}
--InstanceIds '["${instance_id}"]'
--user-agent AlibabaCloud-Agent-Skills

---

Step 2: Obtain Bailian API Key via CLI

步骤2：通过CLI获取百炼API Key

Use the

aliyun maas

CLI plugin to automatically retrieve or create a Bailian API Key, eliminating the need for manual console operations.

使用

aliyun maas

CLI插件自动检索或创建百炼API Key，无需手动在控制台操作。

2.1 Install the MaaS CLI Plugin

2.1 安装MaaS CLI插件

The

aliyun maas

commands require the

aliyun-cli-maas

plugin:

bash

aliyun plugin install --names aliyun-cli-maas \
  --user-agent AlibabaCloud-Agent-Skills

aliyun maas

命令需要

aliyun-cli-maas

插件：

bash

aliyun plugin install --names aliyun-cli-maas \
  --user-agent AlibabaCloud-Agent-Skills

2.2 List Workspaces (must run first)

2.2 列出工作空间（必须先执行）

workspace-id
is a required parameter for ListApiKeys and CreateApiKey, so you must obtain it via ListWorkspaces first. Every Alibaba Cloud account with Bailian activated has a default workspace:

bash

aliyun maas list-workspaces \
  --region ${region} \
  --user-agent AlibabaCloud-Agent-Skills

Record the

WorkspaceId

from the result as

${workspace_id}

. If the result is empty (no workspaces), the user has not activated the Bailian service yet — guide them to activate it at the Bailian Console.

workspace-id
是ListApiKeys和CreateApiKey的必填参数，因此必须先通过ListWorkspaces获取。每个开通了百炼服务的阿里云账号都有一个默认工作空间：

bash

aliyun maas list-workspaces \
  --region ${region} \
  --user-agent AlibabaCloud-Agent-Skills

将结果中的

WorkspaceId

记录为

${workspace_id}

。如果结果为空（无工作空间），说明用户尚未开通百炼服务——引导用户到百炼控制台开通服务。

2.3 List Existing API Keys (requires workspace_id)

2.3 列出现有API Key（需要workspace_id）

Use the

${workspace_id}

obtained in the previous step to query existing API Keys in that workspace:

bash

aliyun maas list-api-keys \
  --workspace-id ${workspace_id} \
  --region ${region} \
  --user-agent AlibabaCloud-Agent-Skills

If an existing API Key is found, record its

ApiKeyValue

(in

sk-xxx

format) as

${bailian_api_key}

and skip step 2.4.

使用上一步获取的

${workspace_id}

查询该工作空间下的现有API Key：

bash

aliyun maas list-api-keys \
  --workspace-id ${workspace_id} \
  --region ${region} \
  --user-agent AlibabaCloud-Agent-Skills

如果找到现有API Key，将其

ApiKeyValue

（

sk-xxx

格式）记录为

${bailian_api_key}

，跳过步骤2.4。

2.4 Create API Key (only if 2.3 returns no results)

2.4 创建API Key（仅当2.3无返回结果时执行）

Only when no API Key was found in the previous step, create a new one using the same

${workspace_id}

bash

aliyun maas create-api-key \
  --workspace-id ${workspace_id} \
  --description "OpenClaw deployment API Key" \
  --region ${region} \
  --user-agent AlibabaCloud-Agent-Skills

Record the

ApiKeyValue

(in

sk-xxx

format) from the response as

${bailian_api_key}

Important: The full API Key value is only visible at creation time. Subsequent queries will only return a masked value. Make sure to record the complete key in this step.

仅当上一步未找到API Key时，使用相同的

${workspace_id}

创建新的API Key：

bash

aliyun maas create-api-key \
  --workspace-id ${workspace_id} \
  --description "OpenClaw deployment API Key" \
  --region ${region} \
  --user-agent AlibabaCloud-Agent-Skills

将响应中的

ApiKeyValue

（

sk-xxx

格式）记录为

${bailian_api_key}

。

重要：完整的API Key值仅在创建时可见，后续查询仅返回脱敏值，请务必在本步骤记录完整密钥。

Step 3: Install Base Environment via Cloud Assistant

步骤3：通过云助手安装基础环境

Use Alibaba Cloud Cloud Assistant to remotely execute commands on the ECS instance without manual SSH connection.

Combine Git installation, Node.js 22.x installation, and npm China mirror configuration into a single command to reduce waiting time:

bash

aliyun ecs RunCommand \
  --RegionId ${region} \
  --Type RunShellScript \
  --CommandContent "apt-get update -y && apt-get install -y git curl wget && curl -fsSL --connect-timeout 30 --max-time 300 https://deb.nodesource.com/setup_22.x | bash - && apt-get install -y nodejs && npm config set registry https://registry.npmmirror.com && node -v && npm -v" \
  --InstanceId.1 ${instance_id} \
  --Timeout 600 \
  --user-agent AlibabaCloud-Agent-Skills

Use

DescribeInvocations

to query the command execution result and confirm success:

bash

aliyun ecs DescribeInvocations \
  --RegionId ${region} \
  --InvokeId ${invoke_id} \
  --user-agent AlibabaCloud-Agent-Skills

Confirm Node.js version is v22.x.x in the output.

Polling tip: This command typically takes 2-5 minutes to complete. When querying
DescribeInvocations
, poll every 15-30 seconds to avoid excessive polling. The command is finished when
InvocationStatus
changes from
Running
to
Success
or
Failed
.

使用阿里云云助手在ECS实例上远程执行命令，无需手动SSH连接。

将Git安装、Node.js 22.x安装、npm中国镜像配置合并为一条命令，减少等待时间：

bash

aliyun ecs RunCommand \
  --RegionId ${region} \
  --Type RunShellScript \
  --CommandContent "apt-get update -y && apt-get install -y git curl wget && curl -fsSL --connect-timeout 30 --max-time 300 https://deb.nodesource.com/setup_22.x | bash - && apt-get install -y nodejs && npm config set registry https://registry.npmmirror.com && node -v && npm -v" \
  --InstanceId.1 ${instance_id} \
  --Timeout 600 \
  --user-agent AlibabaCloud-Agent-Skills

使用

DescribeInvocations

查询命令执行结果，确认执行成功：

bash

aliyun ecs DescribeInvocations \
  --RegionId ${region} \
  --InvokeId ${invoke_id} \
  --user-agent AlibabaCloud-Agent-Skills

确认输出中的Node.js版本为v22.x.x。

轮询提示：该命令通常需要2-5分钟完成。查询
DescribeInvocations
时，每15-30秒轮询一次避免过度请求。当
InvocationStatus
从
Running
变为
Success
或
Failed
时，命令执行完成。

Step 4: One-Click OpenClaw Installation

步骤4：一键安装OpenClaw

Use the installation script to complete OpenClaw setup, Bailian API configuration, and DingTalk plugin installation.

Security: Sensitive parameters are passed via base64 encoding to prevent command injection.

bash

undefined

使用安装脚本完成OpenClaw搭建、百炼API配置和钉钉插件安装。

安全提示：敏感参数通过base64编码传递，防止命令注入。

bash

undefined

Encode sensitive parameters

编码敏感参数

BAILIAN_KEY_B64=$(echo -n "${bailian_api_key}" | base64) DINGTALK_ID_B64=$(echo -n "${dingtalk_client_id}" | base64) DINGTALK_SECRET_B64=$(echo -n "${dingtalk_client_secret}" | base64)

aliyun ecs RunCommand
--RegionId ${region}
--Type RunShellScript
--CommandContent "curl -fsSL --connect-timeout 30 --max-time 300 https://openclaw-install-scripts.oss-cn-hangzhou.aliyuncs.com/install.sh -o /tmp/openclaw-install.sh && BAILIAN_API_KEY=$(echo '${BAILIAN_KEY_B64}' | base64 -d) DINGTALK_CLIENT_ID=$(echo '${DINGTALK_ID_B64}' | base64 -d) DINGTALK_CLIENT_SECRET=$(echo '${DINGTALK_SECRET_B64}' | base64 -d) bash /tmp/openclaw-install.sh --api-key "$BAILIAN_API_KEY" --api-region '${region}' --dingtalk-client-id "$DINGTALK_CLIENT_ID" --dingtalk-client-secret "$DINGTALK_CLIENT_SECRET""
--InstanceId.1 ${instance_id}
--Timeout 600
--user-agent AlibabaCloud-Agent-Skills


The script auto-completes: OpenClaw npm install, Bailian API config, DingTalk plugin install, gateway startup. Query `DescribeInvocations` to confirm `Gateway started` (poll every 30s, 3-8 min).

---

BAILIAN_KEY_B64=$(echo -n "${bailian_api_key}" | base64) DINGTALK_ID_B64=$(echo -n "${dingtalk_client_id}" | base64) DINGTALK_SECRET_B64=$(echo -n "${dingtalk_client_secret}" | base64)


脚本会自动完成：OpenClaw npm安装、百炼API配置、钉钉插件安装、网关启动。查询`DescribeInvocations`确认出现`Gateway started`（每30秒轮询一次，耗时3-8分钟）。

---

Step 5: Acceptance Testing

步骤5：验收测试

5.1 Verify Gateway Status

5.1 验证网关状态

bash

aliyun ecs RunCommand \
  --RegionId ${region} \
  --Type RunShellScript \
  --CommandContent "openclaw gateway status" \
  --InstanceId.1 ${instance_id} \
  --Timeout 60 \
  --user-agent AlibabaCloud-Agent-Skills

Confirm the gateway status is

running

and the DingTalk channel plugin is loaded.

bash

aliyun ecs RunCommand \
  --RegionId ${region} \
  --Type RunShellScript \
  --CommandContent "openclaw gateway status" \
  --InstanceId.1 ${instance_id} \
  --Timeout 60 \
  --user-agent AlibabaCloud-Agent-Skills

确认网关状态为

running

，且钉钉渠道插件已加载。

5.2 Test in DingTalk

5.2 钉钉端测试

Guide the user:

Confirm they have completed app creation, permission configuration, publishing, and added the bot to a group per the DingTalk App Setup Guide
In the DingTalk group where the bot was added, @mention the bot and send a message (e.g., "Hello, please introduce yourself")
Wait for the bot to reply

Acceptance criteria: The bot replies normally in the DingTalk group with content generated by the Bailian LLM. This confirms successful deployment.

引导用户操作：

确认已按照钉钉应用配置指南完成应用创建、权限配置、发布，并将机器人添加到群中
在添加了机器人的钉钉群中@机器人并发送消息（例如："你好，请介绍一下你自己"）
等待机器人回复

验收标准：机器人在钉钉群中正常回复，内容由百炼大模型生成，说明部署成功。

5.3 Deployment Completion Report

5.3 部署完成报告

After confirming all components are running normally, provide the user with a deployment summary:

ECS instance ID and EIP public IP
OpenClaw version and service status
Bailian model configuration (model name, API endpoint)
DingTalk app name and bot status
Cost information

确认所有组件正常运行后，向用户提供部署总结：

ECS实例ID和EIP公网IP
OpenClaw版本和服务状态
百炼模型配置（模型名称、API端点）
钉钉应用名称和机器人状态
成本信息

Resource Cleanup

资源清理

Warning: Resource deletion is irreversible. Always confirm with user before executing.

警告：资源删除不可逆，执行前务必与用户确认。

Pre-Deletion Checks

删除前检查

Before deletion, prompt user: "The following resources will be permanently deleted: ${instance_id}, ${eip_allocation_id}, ${security_group_id}, ${vswitch_id}, ${vpc_id}. This action is irreversible. Confirm with 'yes' to continue."

Only proceed after explicit "yes" confirmation.

删除前提示用户："以下资源将被永久删除：${instance_id}, ${eip_allocation_id}, ${security_group_id}, ${vswitch_id}, ${vpc_id}。该操作不可逆，确认请回复'yes'继续。"

仅在收到明确的"yes"确认后再继续操作。

Deletion Sequence

删除顺序

Delete in dependency order (instance → EIP → security group → VSwitch → VPC):

bash

undefined

按依赖顺序删除（实例 → EIP → 安全组 → VSwitch → VPC）：

bash

undefined

1. Stop instance if running, then delete

1. 如果实例正在运行则先停止，再删除

aliyun ecs StopInstance --InstanceId ${instance_id} --user-agent AlibabaCloud-Agent-Skills

Poll DescribeInstances until Status='Stopped'

轮询DescribeInstances直到Status='Stopped'

aliyun ecs DeleteInstance --InstanceId ${instance_id} --user-agent AlibabaCloud-Agent-Skills

2. Release EIP (after confirming unassociated)

2. 释放EIP（确认已解绑后执行）

aliyun vpc ReleaseEipAddress --RegionId ${region} --AllocationId ${eip_allocation_id} --user-agent AlibabaCloud-Agent-Skills

3. Delete security group (after confirming no instances)

3. 删除安全组（确认无关联实例后执行）

aliyun ecs DeleteSecurityGroup --RegionId ${region} --SecurityGroupId ${security_group_id} --user-agent AlibabaCloud-Agent-Skills

4. Delete VSwitch then VPC (after confirming empty)

4. 删除VSwitch再删除VPC（确认无关联资源后执行）

aliyun vpc DeleteVSwitch --VSwitchId ${vswitch_id} --user-agent AlibabaCloud-Agent-Skills aliyun vpc DeleteVpc --VpcId ${vpc_id} --user-agent AlibabaCloud-Agent-Skills

undefined

aliyun vpc DeleteVSwitch --VSwitchId ${vswitch_id} --user-agent AlibabaCloud-Agent-Skills aliyun vpc DeleteVpc --VpcId ${vpc_id} --user-agent AlibabaCloud-Agent-Skills

undefined

Cost Impact

成本说明

ECS instance: 2 vCPU 4 GB (ecs.c6.large) pay-as-you-go, approximately 0.3-0.5 CNY/hour (subject to actual console pricing)
EIP bandwidth: 100 Mbps pay-by-traffic
Bailian model calls: New users have a free quota; charges apply per token usage after exceeding the quota

Note: The above costs are for reference only. Please refer to the actual pricing and bills shown in the Alibaba Cloud console.

ECS实例：2 vCPU 4 GB（ecs.c6.large）按量付费，约0.3-0.5元/小时（以控制台实际定价为准）
EIP带宽：100 Mbps按流量付费
百炼模型调用：新用户有免费额度，超出额度后按token使用量收费

注意：以上成本仅供参考，请以阿里云控制台显示的实际定价和账单为准。

Common Troubleshooting

常见问题排查

Symptom	Possible Cause	Solution
DingTalk bot not responding	Gateway not running	Execute `openclaw gateway status` via Cloud Assistant to check status
Reply with "0 characters" empty message	Bailian model config lost	Check if `models.providers` in `~/.openclaw/openclaw.json` contains `alibaba-cloud`
401 error	Gateway Token mismatch	Check if `gateway.auth.token` matches `channels.dingtalk-connector.gatewayToken`
AI Card not displaying	Missing card permissions	Add `Card.Streaming.Write` and `Card.Instance.Write` permissions in DingTalk Open Platform
npm install timeout	Network issue	Confirm npm China mirror is configured; confirm EIP bandwidth is sufficient

现象	可能原因	解决方案
钉钉机器人无响应	网关未运行	通过云助手执行 `openclaw gateway status` 检查状态
回复"0字符"空消息	百炼模型配置丢失	检查 `~/.openclaw/openclaw.json` 中的 `models.providers` 是否包含 `alibaba-cloud`
401错误	网关Token不匹配	检查 `gateway.auth.token` 是否与 `channels.dingtalk-connector.gatewayToken` 一致
AI卡片不显示	缺少卡片权限	在钉钉开放平台添加 `Card.Streaming.Write` 和 `Card.Instance.Write` 权限
npm安装超时	网络问题	确认已配置npm中国镜像，确认EIP带宽充足

Reference Links

参考链接

Resource	Link
Bailian API Key Guide	references/bailian-api-key-guide.md
DingTalk App Setup Guide	references/dingtalk-setup-guide.md
Alibaba Cloud Deploy OpenClaw	https://help.aliyun.com/zh/simple-application-server/use-cases/quickly-deploy-and-use-openclaw
DingTalk Open Platform ECS Deployment	https://open.dingtalk.com/document/dingstart/deployment-alibaba-cloud-ecs-server
OpenClaw Official Website	https://openclaw.ai/
Bailian Console	https://bailian.console.aliyun.com/
DingTalk Open Platform	https://open.dingtalk.com/

资源	链接
百炼API Key指南	references/bailian-api-key-guide.md
钉钉应用配置指南	references/dingtalk-setup-guide.md
阿里云部署OpenClaw	https://help.aliyun.com/zh/simple-application-server/use-cases/quickly-deploy-and-use-openclaw
钉钉开放平台ECS部署	https://open.dingtalk.com/document/dingstart/deployment-alibaba-cloud-ecs-server
OpenClaw官网	https://openclaw.ai/
百炼控制台	https://bailian.console.aliyun.com/
钉钉开放平台	https://open.dingtalk.com/