← Back to Skills Marketplace
yuleleyo

skill-cross-agent-v1.0.0.tar

by YuleleYO · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
370
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skill-cross-agent
Description
跨机器Agent协作 - 通过SSH连接局域网内其他OpenClaw实例,实现多机任务分发
Usage Guidance
This skill behaves like an SSH-based remote control tool and is coherent with the description, but it has multiple risky practices you should consider before installing: - Credentials: The skill stores default_pass in plaintext under ~/.config/openclaw/cross-agent.conf (it appends values). Avoid saving passwords; prefer SSH key authentication instead. - sshpass and process exposure: The scripts use sshpass and pass passwords on the command line, which can be visible to local users via process listings—only use in trusted, isolated environments. - Host key checking disabled: All SSH calls set StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null, disabling host-key verification and increasing MITM risk on untrusted networks. - Network scanning and remote exec: The skill scans subnets and can run arbitrary commands on remote machines; this can be intrusive and should only be used on networks and hosts you control and trust. - Silent metadata mismatch: Metadata declares no required config paths, but the skill reads/writes ~/.config/openclaw/cross-agent.conf—this is an incoherence to be aware of. - Installer prompts for sudo: The wizard/install may run apt install under sudo to add dependencies—review before consenting. Actions you can take: - Inspect the included scripts locally before running; consider removing or altering insecure behaviors (remove sshpass usage, enable host-key checking, stop storing plaintext passwords). - Use SSH key-based auth and remove config storage of passwords; if you must store secrets, use a secure credential store (not plain files). - Run initial tests in an isolated network or VM. - If you need stronger assurance, ask the publisher for provenance (source repo, signed releases) or request a version that uses key-based auth and does not disable host-key verification. Given the combination of insecure credential handling and the mismatch between metadata and file behavior, proceed only if you accept these risks and have verified the code.
Capability Analysis
Type: OpenClaw Skill Name: skill-cross-agent Version: 1.0.0 The skill bundle provides remote command execution and file transfer capabilities across a local network via SSH. It utilizes 'sshpass' for automated authentication, which involves storing credentials in plain text in '~/.config/openclaw/cross-agent.conf' and disabling SSH host key verification ('StrictHostKeyChecking=no') in scripts like 'exec.sh', 'get.sh', and 'put.sh'. While these features align with the stated goal of cross-agent collaboration, they introduce significant security vulnerabilities including credential exposure and man-in-the-middle risks, making the bundle high-risk despite no clear evidence of intentional malice.
Capability Assessment
Purpose & Capability
Name, description and declared required binaries (sshpass, ssh, scp, ping, nc) align with the implemented features (scan, test, send, get, put, exec). The scripts implement exactly the advertised SSH-based cross-agent behavior.
Instruction Scope
Runtime instructions and scripts perform network scanning, arbitrary remote command execution, file transfer, and prompt to install system packages via sudo. The wizard will auto-install sshpass (sudo apt) and the scripts disable SSH host-key checking (StrictHostKeyChecking=no) which increases MITM risk. The skill also writes plaintext credentials to a local config file and exposes passwords on the command line via sshpass—these are beyond a minimal, safe instruction scope.
Install Mechanism
No remote downloads or archive extraction; an included install.sh copies files into the user's ~/.openclaw/skills and suggests installing dependencies via the system package manager. Installing dependencies requires sudo (prompted to user).
Credentials
The skill requests no environment variables but reads/writes ~/.config/openclaw/cross-agent.conf (not declared in metadata) and stores default_pass in plaintext. It relies on sshpass (which exposes passwords to process listings) and therefore requires sensitive credentials but does not declare or warn about the config path in the metadata—disproportionate to the claimed 'no required config' metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It persists a user-scoped config file and suggests aliases/.bashrc entries but does not auto-enable system-wide privileges. The wizard/install may run sudo to install packages if the user agrees.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-cross-agent
  3. After installation, invoke the skill by name or use /skill-cross-agent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of cross-agent for OpenClaw, enabling cross-machine task collaboration via SSH. - Scan and discover online devices in the local network. - Test SSH connectivity and manage sessions on target machines. - Send tasks, execute commands, and transfer files (get/put) between agents. - Supports interactive setup and configuration of default connection parameters. - Requires sshpass, ssh, scp, ping, and nc on Linux.
Metadata
Slug skill-cross-agent
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is skill-cross-agent-v1.0.0.tar?

跨机器Agent协作 - 通过SSH连接局域网内其他OpenClaw实例,实现多机任务分发. It is an AI Agent Skill for Claude Code / OpenClaw, with 370 downloads so far.

How do I install skill-cross-agent-v1.0.0.tar?

Run "/install skill-cross-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is skill-cross-agent-v1.0.0.tar free?

Yes, skill-cross-agent-v1.0.0.tar is completely free (open-source). You can download, install and use it at no cost.

Which platforms does skill-cross-agent-v1.0.0.tar support?

skill-cross-agent-v1.0.0.tar is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created skill-cross-agent-v1.0.0.tar?

It is built and maintained by YuleleYO (@yuleleyo); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments