Downloads: 554
Stars: 2
Active Installs: 0
Versions: 4
Install in OpenClaw
/install sonic-kvm-testbed
Description
Deploy and manage a SONiC sonic-mgmt KVM virtual testbed with cEOS neighbors for running pytest-based network tests. Use when setting up a local KVM testbed,...
Usage Guidance
This instruction-only skill appears coherent for building a SONiC KVM testbed, but it recommends several insecure or high-privilege actions. Before using it:
1) Run the whole procedure inside an isolated VM or disposable host to avoid weakening a production machine.
2) Replace example passwords ('password', 'abc') and the practice of storing them in plaintext with stronger passwords and secure vaulting.
3) Avoid chmod 666 on /var/run/docker.sock; prefer adding the service account to the docker group or use limited sudo rules.
4) Prefer narrowly-scoped sudoers entries instead of NOPASSWD ALL.
5) Avoid sshpass/plaintext password files where possible; use SSH keys or an encrypted vault.
6) Verify any images/tarballs (cEOS, sonic-vs) come from trusted sources and confirm the GitHub repo/PR mentioned is authentic.
7) Review and restrict any fix scripts (fix-configs.sh) before running; they modify ansible group_vars and can overwrite secrets.
If you cannot run in an isolated environment, treat this skill as risky and consider manual, hardened steps instead.
Capability Analysis
Type: OpenClaw Skill
Name: sonic-kvm-testbed
Version: 1.2.0
The skill bundle is designed to deploy a complex virtual network testbed, which inherently requires significant system access. However, it contains several critical security vulnerabilities: it instructs the agent to create users with hardcoded passwords and passwordless sudo access on the virtual DUT, and most critically, to set the Docker socket to world-writable (`sudo chmod 666 /var/run/docker.sock`) on the DUT. This last action allows any user or process to gain root privileges via Docker. While these actions are plausibly intended for automation and convenience within an isolated testbed, they represent severe security anti-patterns and vulnerabilities (not malicious intent) that could be exploited, making the bundle suspicious. These issues are present across `SKILL.md`, `references/credentials.md`, and `references/troubleshooting.md`.
Capability Assessment
Purpose & Capability
SKILL name/description (SONiC KVM testbed) aligns with the actions in SKILL.md: cloning sonic-mgmt, preparing sonic-vs and cEOS images, running testbed-cli.sh, setting up bridges, and running pytest. No unrelated cloud credentials or external services are requested.
Instruction Scope
Runtime instructions directly perform system-level operations: setup management bridge, modprobe/qemu-nbd mounting of images, docker imports/pulls, and run various ansible/testbed scripts. They also instruct creating users on DUTs, adding NOPASSWD sudoers entries, using sshpass with plaintext password files, and running `chmod 666 /var/run/docker.sock` — operations that expand scope to modifying host and DUT security posture and persistently weaken privileges.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or executed by the skill package itself. This minimizes supply-chain/install risk, but the instructions will cause host changes when followed.
Credentials
The skill declares no required env vars or external credentials, which is appropriate, but the included references/scripts create and rely on many plaintext credentials and insecure defaults (passwords like 'password' and 'abc' in files, `group_vars/*` containing secrets, sshpass usage). It also recommends global privilege relaxations (NOPASSWD sudo entries, chmod 666 on docker socket) that are disproportionate unless run in an isolated test environment.
Persistence & Privilege
The skill is not force-included (always: false) and doesn't request platform-level persistence, but the documented steps create persistent artifacts (password.txt, modified ansible group_vars, changed sudoers entries, netplan file for br1) that alter system/DUT configuration across reboots. These persistent changes have real security implications and should be intentionally controlled.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sonic-kvm-testbed
- After installation, invoke the skill by name or use /sonic-kvm-testbed
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
Supersedes 1.1.0 - includes VS image update procedures, kickstart troubleshooting, credential docs, and latest fixes
v1.0.1
Re-publish
v1.1.0
Add VS image update procedure, kickstart troubleshooting, CI vs local build credential docs
v1.0.0
Initial release of sonic-kvm-testbed for deploying and managing a local SONiC kvm-based virtual testbed.
- Provides step-by-step instructions to deploy SONiC testbeds with cEOS and PTF containers for pytest-based network testing.
- Supports T0 and T1-LAG topologies, with multi-VRF convergence and reduced cEOS container count using `use_converged_peers: true`.
- Includes critical configuration file guidance, prerequisites, and post-deployment steps.
- Documents key troubleshooting tips and common pitfalls for stable testbed operation.
- Intended for users setting up, redeploying, or troubleshooting local virtual SONiC environments.
Frequently Asked Questions
What is SONiC KVM Testbed?
Deploy and manage a SONiC sonic-mgmt KVM virtual testbed with cEOS neighbors for running pytest-based network tests. Use when setting up a local KVM testbed,... It is an AI Agent Skill for Claude Code / OpenClaw, with 554 downloads so far.
How do I install SONiC KVM Testbed?
Run "/install sonic-kvm-testbed" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SONiC KVM Testbed free?
Yes, SONiC KVM Testbed is completely free (open-source). You can download, install and use it at no cost.
Which platforms does SONiC KVM Testbed support?
SONiC KVM Testbed is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created SONiC KVM Testbed?
It is built and maintained by Ying Xie (@yxieca); the current version is v1.2.0.