← Back to Skills Marketplace

MeshOps Control Plane

Name: MeshOps Control Plane
Author: likesjx

by likesjx · GitHub ↗ · v0.1.7

cross-platform ⚠ suspicious

437

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install meshops-control-plane

Description

Operate and secure mesh workflows across gateways, including plugin install/setup, health verification, invite/join bootstrap, and controlled execution tasks...

Usage Guidance

This skill appears to implement the MeshOps control-plane it claims, but review and operator caution are recommended before installing or enabling it in production: - Metadata mismatch: the marketplace/registry summary claims no required env vars, but metadata.yaml and SKILL.md expect several gating env vars and system binaries. Ask the maintainer to correct the registry metadata or treat the included metadata.yaml as authoritative. - Powerful runtime actions (download+extract, plugin installs, writing to /opt, restarting gateway) are present. They are gated by OPENCLAW_ALLOW_* flags and allowlists, but you should: - Keep OPENCLAW_ALLOW_DEPLOY_SKILL, OPENCLAW_ALLOW_RUN_CMD, and OPENCLAW_ALLOW_HIGH_RISK set to 0 until you audit the skill and its upstream plugin. - Populate OPENCLAW_RUN_CMD_ALLOWLIST narrowly (or leave empty) to avoid arbitrary command execution. - Restrict OPENCLAW_ALLOWED_CALLERS to trusted operator IDs only. - The skill will auto-register capabilities and may automatically claim tasks. If you do not want autonomous cross-gateway execution or capability advertisement, do not load this skill on agents that should remain passive. - Verify sources before permitting installs: setup-ansible-plugin calls 'openclaw plugins install' (github/npm/path). Confirm the plugin repository (https://github.com/likesjx/openclaw-plugin-ansible) and any artifact URLs used by deploy-skill. - Run preflight in a controlled environment first (the included preflight action reports presence of required binaries and current gate settings). Review the collected logs and test deploy flow in an isolated node before enabling on production gateways. If you want to proceed: require maintainer to fix registry metadata, audit the plugin repo and any artifacts, and enforce strict gate/allowlist settings and minimal privileges for the runtime user.

Capability Analysis

Type: OpenClaw Skill Name: meshops-control-plane Version: 0.1.7 The bundle provides a distributed orchestration framework with high-risk capabilities, specifically remote command execution (run-cmd.sh) and remote skill deployment (deploy-skill.sh). While the implementation includes several security controls—such as environment-based gates (OPENCLAW_ALLOW_HIGH_RISK), caller allowlists, command allowlists, and SHA256 integrity checks—the inherent nature of these tools allows for Remote Code Execution (RCE) and persistence. There is no evidence of intentional malice or data exfiltration, but the powerful administrative surface area warrants a suspicious classification for a senior analyst review.

Capability Assessment

ℹ Purpose & Capability

The files (handler.py and actions/*.sh) implement the described mesh control-plane capabilities (invite/join, capability publish, task delegation, preflight, deploy-skill, run-cmd, plugin setup). That runtime footprint is coherent with the skill description. However, the package-level registry summary earlier reported 'Required env vars: none' while the included metadata.yaml and SKILL.md declare multiple required env vars and binaries (OPENCLAW_* gates, jq, curl, tar, sha tools, openclaw CLI, etc.), which is an internal inconsistency and reduces transparency about what the skill will actually rely on.

⚠ Instruction Scope

SKILL.md and docs instruct agents to automatically register capabilities on load and to poll/claim tasks at the start of reasoning steps (automatic executor behavior). The scripts and handler read environment gating variables and may download artifacts, install plugins, write into /opt/openclaw/skills, and restart the gateway. Those behaviors are within the stated mesh/ops domain but expand the agent's runtime authority (auto-claiming and side-effectful installs), so operators must ensure gates and allowlists are configured as intended.

ℹ Install Mechanism

No install spec in the registry (skill is distributed as source files). The included scripts perform runtime downloads: deploy-skill uses curl to fetch arbitrary HTTPS artifacts (but enforces SHA256 and a gate), and setup-ansible-plugin invokes 'openclaw plugins install' which may fetch code from GitHub/npm/path. This is expected for a plugin/bootstrap skill, but it is a higher-risk runtime operation than a purely read-only instruction-only skill.

⚠ Credentials

The skill relies on multiple environment gates (OPENCLAW_ALLOW_HIGH_RISK, OPENCLAW_ALLOW_RUN_CMD, OPENCLAW_ALLOW_DEPLOY_SKILL), an allowlist (OPENCLAW_RUN_CMD_ALLOWLIST), and artifact path (OPENCLAW_ARTIFACT_ROOT). Those are proportionate to the high-risk capabilities, but the top-level registry metadata omitted required env vars while metadata.yaml lists them — a mismatch that could mislead operators. The skill does not ask for cloud credentials, but it does require filesystem and process permissions (writing to /opt, running openclaw CLI, restarting gateway).

ℹ Persistence & Privilege

always:false (no forced global inclusion). However, SKILL.md/docs specify automatic capability registration when a task-type skill loads and automated executor polling/claiming behavior, which effectively modifies shared mesh state and makes the agent an active participant in routing. This is consistent with a control-plane role but increases blast radius if gates/allowlists are misconfigured.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install meshops-control-plane
After installation, invoke the skill by name or use /meshops-control-plane
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.7

**Summary:** Major skill rebranding and expanded documentation for mesh coordination mesh. - Renamed skill from "meshops-control-plane" to "ansible" with updated description and public positioning. - Completely overhauled SKILL.md: now provides detailed concepts, behavioral contracts, topology models, lifecycle rules, and tool usage. - Added comprehensive protocol, delegation workflow, and governance documentation for distributed mesh operations. - New documentation files included: CLAWHUB.md and an operator runbook. - Updated references and examples throughout to establish the new coordination model and clarify safety/approval flows.

v0.1.3

Rebrand + hardening: explicit env/binary contract, strict gates, preflight action, and plugin capability inventory.

Metadata

Slug meshops-control-plane

Version 0.1.7

License —

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is MeshOps Control Plane?

Operate and secure mesh workflows across gateways, including plugin install/setup, health verification, invite/join bootstrap, and controlled execution tasks... It is an AI Agent Skill for Claude Code / OpenClaw, with 437 downloads so far.

How do I install MeshOps Control Plane?

Run "/install meshops-control-plane" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MeshOps Control Plane free?

Yes, MeshOps Control Plane is completely free (open-source). You can download, install and use it at no cost.

Which platforms does MeshOps Control Plane support?

MeshOps Control Plane is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MeshOps Control Plane?

It is built and maintained by likesjx (@likesjx); the current version is v0.1.7.

More Skills