Remote OpenClaw
Menu
SkillsMCPPluginsMarketplaceGuideAgentsAdvertise
Remote OpenClaw
SkillsMCPPluginsMarketplaceGuideAgentsAdvertise
Skills/google/skills/workload-manager-basics

workload-manager-basics

google/skills
568 installs14K stars

Installation

npx skills add https://github.com/google/skills --skill workload-manager-basics

Summary

>-

SKILL.md

Workload Manager Basics

Workload Manager validates enterprise workloads against Google Cloud best practices and recommendations. The public client libraries are centered on evaluations: define a resource scope, choose built-in or custom rules, run an evaluation, then inspect results and scanned resources.

Use This Flow

flowchart LR
    Rules["List rules"] --> Eval["Create or update evaluation"]
    Resources["Project, folder, or org scope"] --> Eval
    Eval --> Run["Run evaluation"]
    Run --> Results["Inspect evaluation results"]
    Results --> Remediate["Remediate findings"]
    Results --> Export["Optional BigQuery export"]

Core API Constraints

To ensure compatibility, security, and successful integration:

  • Public Surface Only: You MUST strictly interact with Workload Manager

using the official public google-cloud-workloadmanager client library or the public REST API (workloadmanager.googleapis.com/v1).

  • No Internal or Undocumented APIs: Do NOT attempt to use internal RPC

protocols, private service backends, or undocumented discovery mechanisms. They are not supported for public integrations and will fail.

  • No Service-Specific CLI: There is no public gcloud workload-manager

CLI command group. Use gcloud only for authentication, IAM role assignment, and fetching raw REST tokens.

  • Sandbox Execution Robustness (Auth/Mock Fallbacks): When gcloud

authentication or Workload Manager API calls fail in sandboxed or restricted environments (e.g., due to Context Aware Access token blocks, missing API enablement, or mock resources returning 404/403), immediately fall back to presenting example code and static findings from your references instead of entering retry loops. Present the correct client library code structure or REST API payload example, clearly explain the auth or resource limitation, and list typical rules or mock findings statically to satisfy the request.

Prerequisites

  1. Enable the Workload Manager API:
    gcloud services enable workloadmanager.googleapis.com --quiet
  1. Authenticate locally using Application Default Credentials (ADC) before

using client libraries:

    gcloud auth application-default login
  1. Ensure the Workload Manager service agent has the required roles granted in

your project (mandatory for API/client library usage, see IAM & Security).

  1. Grant the least-privileged role needed for the task. Start with

roles/workloadmanager.viewer for read-only access to evaluation resources and use roles/workloadmanager.evaluationAdmin or roles/workloadmanager.admin only when creating, updating, running, or deleting evaluations.

Quick Client Library Example

Use the Python client library for the first working automation path:

python3 -m pip install --upgrade google-cloud-workloadmanager
from google.cloud import workloadmanager_v1

project_id = "PROJECT_ID"
location = "LOCATION"
parent = f"projects/{project_id}/locations/{location}"

client = workloadmanager_v1.WorkloadManagerClient()

rules = client.list_rules(
    request=workloadmanager_v1.ListRulesRequest(
        parent=parent,
        evaluation_type=workloadmanager_v1.Evaluation.EvaluationType.OTHER,
    )
)

for rule in rules.rules:
    print(rule.name, rule.display_name, rule.severity)

Reference Directory

  • Core Concepts: Evaluations, rules, results,

scanned resources, supported workload types, and API shape.

  • General Best Practices: Google Cloud

general best-practice posture checks, OTHER evaluation guidance, custom Rego rules, and scale/automation patterns.

  • Client Libraries: Python and Go client

library examples for listing rules, creating evaluations, running evaluations, and reading findings.

  • REST Usage: Direct REST examples for the public

Workload Manager API and operations polling.

  • Public CLI Status: No documented

service-specific gcloud workload-manager command group; use gcloud only for auth, IAM, API enablement, and REST tokens.

  • Public MCP Status: No documented public

Workload Manager MCP server; use client libraries or REST API instead.

  • Setup Prerequisites: Terraform examples

only for adjacent prerequisites such as API enablement, IAM, BigQuery export datasets, and KMS keys. This is not Workload Manager resource management.

  • IAM & Security: Workload Manager roles,

least-privilege guidance, service agents, data handling, and CMEK notes.

If product behavior or API fields are not covered here, check the current Workload Manager product documentation and client library reference before implementing.

Authoritative References

  • Workload Manager overview
  • Google Cloud best practices
  • Workload Manager REST API
  • About custom rules
  • Write custom rules using Rego
  • Python package
  • Workload Manager IAM roles
  • For additional information, use the Developer Knowledge MCP server search_documents tool.

Additional Context

  • Mastering cloud posture management with Workload Manager

Featured

SetupClaw: done-for-you OpenClaw for founders & exec teams logoSetupClaw: done-for-you OpenClaw for founders & exec teams

White-glove OpenClaw for founders and exec teams (4–50+ employees): we install, harden, integrate your tools, and maintain it — secured from day one.

Get it set up for you →
MoltAwards - Agent internet for government contracts + jobs. logoMoltAwards - Agent internet for government contracts + jobs.

MoltAwards is an agent-native social layer for matchawards.com.

Learn more →
CLN.Work — Stop prompting, start hiring AI employees logoCLN.Work — Stop prompting, start hiring AI employees

Turn your Claude agents into a real team — onboard them, assign tasks, and manage them like staff.

Hire AI employees →
Deploy your own AI agent logoDeploy your own AI agent

Launch OpenClaw or Hermes on Hostinger in about 60 seconds, keep your agent live 24/7, earn 20%-40% on your next referral up to $25-$45, and give your friend 20% off.

Launch on Hostinger →AdvertiseGet your AI tool in front of 67,000+ AI enthusiastsSee placements & pricing →

Categories

External Downloads
View on GitHub

Recommended skills

Browse all →

firebase-basics

firebase/agent-skills

91K installsInstall

firebase-auth-basics

firebase/agent-skills

91K installsInstall

firebase-hosting-basics

firebase/agent-skills

89K installsInstall

firebase-app-hosting-basics

firebase/agent-skills

88K installsInstall

find-skills

vercel-labs/skills

2.2M installsInstall

frontend-design

anthropics/skills

591K installsInstall

Browse

Skills by category

Frontend250Git198Data154Testing120Design105Docs103Security96Automation87Backend76Devops37Productivity29Mcp23

Advertise on Remote OpenClaw

Get your AI tool in front of 67,000+ AI enthusiasts a month

See placements & pricing →

Remote OpenClaw

AI agent skills directory, marketplace, and workflow hub for OpenClaw, Hermes Agent, Claude Code, Codex, and MCP-powered operator stacks.

Explore

  • Home
  • Skills Directory
  • Claude Code Skills
  • Codex Skills
  • Marketplace
  • Hermes Ecosystem
  • Agents
  • Guide
  • Learn
  • Blog

More

  • Playbook
  • Free Tools
  • Shipping
  • Contact
  • Terms
  • Privacy
© 2026 Remote OpenClaw