← Back to Skills Marketplace
121
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install remote-terminal
Description
Remote Linux terminal control skill. Use when the user wants to (1) connect to a remote Linux server and execute commands, (2) perform SSH operations on remo...
Usage Guidance
This skill does what it says (remote command execution) but uses several insecure patterns you should be aware of before installing: it supports sshpass and Telnet (plaintext passwords), it allows storing passwords in ~/.qclaw/workspace/memory/hosts.json (plaintext), and it uses StrictHostKeyChecking=accept-new (auto-accepts host keys, which can enable MITM attacks). Before installing or using it: (1) review the scripts yourself and remove or modify the plaintext-password storage and sshpass flows; (2) prefer SSH key auth and avoid Telnet; (3) change or remove options that auto-accept host keys; (4) secure the ~/.qclaw directory (restrict permissions) and rotate any credentials added; (5) consider running this in a constrained environment or disable autonomous invocation if you do not want the agent to call it without explicit consent. If you want, I can point out the exact lines to change to harden the code (e.g., disable password storage, require explicit host-key verification, or encrypt stored secrets).
Capability Analysis
Type: OpenClaw Skill
Name: remote-terminal
Version: 1.0.0
The 'remote-terminal' skill provides powerful capabilities for remote server management, including SSH/Telnet command execution and parallel execution across multiple hosts. While it includes safety features like command logging and confirmation prompts for dangerous patterns (in ssh_exec.py and SKILL.md), it handles high-risk data such as SSH keys and host credentials. A significant security concern is found in host_manager.py, which allows storing remote server passwords in plaintext within a local JSON file (~/.qclaw/workspace/memory/hosts.json). Although the behavior aligns with the stated purpose, the combination of broad shell access and insecure credential handling makes it high-risk.
Capability Assessment
Purpose & Capability
The name/description (remote SSH terminal control) aligns with the included code and instructions: ssh_exec.py, parallel_exec.py, and host_manager.py implement SSH/Telnet/web-terminal workflows and host storage. Nothing in the package appears to be trying to do unrelated tasks (no unexpected cloud APIs or unrelated credentials).
Instruction Scope
SKILL.md and the scripts instruct the agent to read ~/.ssh/config, read/write ~/.qclaw/workspace/memory/hosts.json, and write logs to ~/.qclaw/logs/remote-terminal.log. Examples and code recommend/allow insecure methods (sshpass password flows, Telnet via expect, and disabling strict host key checking). The skill therefore accesses local SSH config, can prompt for or accept plaintext passwords, and runs arbitrary shell commands on arbitrary hosts — all expected for a remote-terminal skill but with notable insecure choices.
Install Mechanism
No installer or remote downloads are used; this is an instruction+script bundle included in the skill. That reduces supply-chain risk compared with fetching code from arbitrary URLs.
Credentials
The skill requests no declared environment variables, but it enables storing credentials (password field) in ~/.qclaw/workspace/memory/hosts.json and uses sshpass/expect examples. Storing passwords in plaintext and logging commands to a local log file is disproportionate from a security perspective — these are sensitive artifacts that the skill will create and access even though no external secret manager is required.
Persistence & Privilege
The skill does not request always:true or system-wide privileges, but it writes configuration and logs under the user's home (~/.qclaw). That per-skill persistence is normal, but because it may store plaintext passwords and logs, it increases the sensitivity of those files and the blast radius if the agent or machine is compromised.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install remote-terminal - After installation, invoke the skill by name or use
/remote-terminal - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Remote Terminal v1.0.0
- Initial release of the remote-terminal skill.
- Enables remote Linux server control via SSH, Telnet, or web terminals.
- Supports multiple authentication methods (password, SSH keys, SSH config).
- Includes built-in security features: command confirmation for dangerous operations, command blacklist, and operation logging.
- Provides host management, parallel execution, and troubleshooting guidance.
- Triggers on common remote connection phrases in English and Chinese.
Metadata
Frequently Asked Questions
What is remote-terminal?
Remote Linux terminal control skill. Use when the user wants to (1) connect to a remote Linux server and execute commands, (2) perform SSH operations on remo... It is an AI Agent Skill for Claude Code / OpenClaw, with 121 downloads so far.
How do I install remote-terminal?
Run "/install remote-terminal" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is remote-terminal free?
Yes, remote-terminal is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does remote-terminal support?
remote-terminal is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created remote-terminal?
It is built and maintained by ckaorceu (@ckaorceu); the current version is v1.0.0.
More Skills