← Back to Skills Marketplace
lichas

Pve Automation

by Lua · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
437
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install pve-automation
Description
Automate Proxmox VE (PVE) virtual machine and container management tasks including VM lifecycle operations (create, start, stop, delete), template management...
Usage Guidance
This skill appears to implement a real Proxmox API client and documentation, but there are important mismatches and risky defaults you should consider before installing: - Metadata vs reality: The package metadata declares no required credentials, but the code and README require PVE_HOST, PVE_TOKEN_ID and PVE_SECRET. Treat this as an omission — ask the publisher to update the metadata or avoid using until clarified. - Secrets and privilege: The client defaults to root@pam and expects API tokens; prefer creating a least-privilege API token for automation instead of root-level tokens. Do not paste high-privilege tokens into untrusted contexts. - SSL verification: The client and README use verify=False by default. That is unsafe for untrusted networks — enable certificate verification in production or only run in a trusted internal network. - Local file/command suggestions: SKILL.md suggests running commands that read local files (e.g., grep /etc/default/pveproxy). If you run the agent or the CLI on a shared host, those commands could expose local config. Only run in an environment you control. - Source provenance: The skill's source/homepage is unknown. Prefer code from a known/verified source. If you need this functionality but want to be cautious, review the included scripts locally, run them in an isolated environment, and update the script to enable SSL verification and explicitly document required env vars. If you plan to use this skill: (1) request or require correct metadata listing required env vars, (2) audit and run the code in a safe environment, (3) issue a least-privilege token for automation, and (4) enable SSL verification and/or use proper certificates.
Capability Analysis
Type: OpenClaw Skill Name: pve-automation Version: 0.1.0 The skill bundle provides extensive automation for Proxmox VE, encompassing highly privileged operations such as VM/LXC lifecycle management, storage, network, and user permissions. The `scripts/pve_client.py` contains a critical vulnerability by disabling SSL certificate verification (`verify=False`), which exposes the client to Man-in-the-Middle attacks. Although this vulnerability is acknowledged in `README.md` as suitable only for trusted internal environments, it represents a significant security flaw. The `SKILL.md` itself, while describing powerful capabilities, also outlines numerous safety practices and does not contain explicit prompt-injection instructions for malicious actions like data exfiltration or backdoor installation. The classification is 'suspicious' due to the severe SSL vulnerability, not due to malicious intent.
Capability Assessment
Purpose & Capability
The code (scripts/pve_client.py), README.md, and SKILL.md implement and document Proxmox VE API operations (VM/LXC lifecycle, storage, snapshots, tasks, etc.), which is coherent with the skill name and description. However the skill registry metadata declares no required environment variables or primary credential, while both the client code and README expect PVE_HOST, PVE_TOKEN_ID and PVE_SECRET (and optionally PVE_USER). That mismatch (code needs credentials but metadata claims none) is an incoherence that should be resolved.
Instruction Scope
SKILL.md and README describe and show direct API calls to the PVE REST API (expected). SKILL.md includes an example of running 'grep "port" /etc/default/pveproxy' and other host-level checks — instructions that reference reading local system config files or running shell commands on the agent host are out-of-band for a pure remote-API automation skill and could expose environment-specific data. Also the documentation and code set verify=False for SSL by default (README notes this as "suitable only for trusted internal environments"), which weakens transport security if used unintentionally.
Install Mechanism
No install spec is present (instruction- and code-bundle only). There is a single included Python script and guidance to pip-install 'requests' and 'urllib3'. No external downloads or archive extraction are used, which limits install-time risk.
Credentials
The code requires PVE_HOST, PVE_TOKEN_ID and PVE_SECRET (and optionally PVE_USER) to operate; these are proportionate to managing Proxmox, but the registry incorrectly lists no required env vars/credentials. The default user is root@pam in code and docs — if operators provide root-scoped tokens that is high privilege. The skill should declare its required env vars and recommend least-privilege token scopes and secure handling of secrets. Additionally, defaulting to disabling SSL verification (verify=False) increases risk of credential exposure to man-in-the-middle attacks.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence. It is user-invocable and model-invocation is allowed (the platform default). There is no evidence the skill modifies other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pve-automation
  3. After installation, invoke the skill by name or use /pve-automation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of pve-automation skill for Proxmox VE management. - Automates VM and LXC container lifecycle tasks: create, start, stop, delete. - Supports template management, cloud-init configuration, and storage operations. - Handles plugin installation and Proxmox cluster operations (status, tasks, resources). - Offers guidance on Proxmox API usage, authentication (token and ticket), and best practices. - Responds to user prompts related to Proxmox, PVE, virtualization, or LXC automation.
Metadata
Slug pve-automation
Version 0.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Pve Automation?

Automate Proxmox VE (PVE) virtual machine and container management tasks including VM lifecycle operations (create, start, stop, delete), template management... It is an AI Agent Skill for Claude Code / OpenClaw, with 437 downloads so far.

How do I install Pve Automation?

Run "/install pve-automation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pve Automation free?

Yes, Pve Automation is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Pve Automation support?

Pve Automation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pve Automation?

It is built and maintained by Lua (@lichas); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments