← Back to Skills Marketplace

SSH Server

Name: SSH Server
Author: xingfalin

by XingFaLin · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

361

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install ssh-server

Description

SSH remote connection and operation for servers (Linux/Unix cloud servers, etc.)

Usage Guidance

Do not trust or run the Python helper commands until you inspect the code. The skill references a local script (D:\openClaw\openclaw\config\ssh_config.py and config/ssh_config.py) and a local storage file (servers.json) but does not include that script — verify what that script does, how it encrypts passwords, and where encryption keys are stored. Avoid using StrictHostKeyChecking=no (it disables host key verification and risks MITM). Prefer SSH keys over passwords. If you plan to let the agent run SSH commands, ensure you trust the skill owner and understand how credentials will be provided and protected; if you cannot inspect the helper script, treat this skill as untrusted and do not store secrets for it.

Capability Analysis

Type: OpenClaw Skill Name: ssh-server Version: 1.0.0 The skill bundle relies on an external Python script (ssh_config.py) located at a hardcoded absolute path (D:\openClaw\openclaw\config\ssh_config.py) that is not included in the package. This script is responsible for handling and 'encrypting' sensitive server credentials, making its actual security behavior unverifiable. Additionally, the instructions in SKILL.md suggest using 'StrictHostKeyChecking=no', which disables a fundamental SSH security mechanism and exposes the user to Man-in-the-Middle (MITM) attacks.

Capability Assessment

ℹ Purpose & Capability

The name and description (remote SSH management) match the commands and operations described (ssh, ssh-keygen, systemctl, docker, journalctl). However the SKILL.md repeatedly instructs use of a local Python helper (D:\openClaw\openclaw\config\ssh_config.py or python config/ssh_config.py) and a local config path (D:\openClaw\openclaw\config\servers.json) even though no code files for that helper are included in the skill and the registry metadata lists no required binaries. That dependency on a local, non-provided script is inconsistent with an instruction-only skill and could confuse users or hide where secrets are stored.

⚠ Instruction Scope

Instructions tell the user/agent to store encrypted passwords locally at a specific path and to run a non-included Python script to add/connect servers. The doc also recommends ssh -o StrictHostKeyChecking=no (disables host key verification), which weakens security and can enable MITM attacks. The skill claims passwords are 'encrypted and stored locally' but provides no details or code to verify encryption, key management, or where the encryption keys are kept. The agent is instructed to prompt the user to run local commands and to connect using stored credentials; these behaviors require trust in the missing local script.

✓ Install Mechanism

No install spec and no code files — the skill is instruction-only, which minimizes direct installation risk. However, the instructions assume the existence of a local Python helper script that is not part of the package (a potential gap but not an installer risk).

ℹ Credentials

The skill requires no environment variables or external credentials in its registry metadata, which is consistent with an instruction-only SSH helper. However it asks users to store encrypted passwords locally in a specific file path and to run a local Python script to manage them; requiring storage of sensitive credentials is reasonable for an SSH helper but is disproportionate here because the skill does not provide or document the code that performs encryption, nor explain key management. That lack of transparency around secret handling is a red flag.

ℹ Persistence & Privilege

always is false (normal). The SKILL.md header includes requires: ["ssh"] and allowed-tools: Bash(ssh:*), implying the agent may be permitted to run ssh commands; the registry's top-level requirements list no required binaries, creating a small mismatch. Autonomous invocation is allowed by default — combined with the agent's ability to run ssh, this increases impact if the agent gets credentials or if the missing local helper is present on disk. This is not inherently malicious but worth noting before enabling autonomous runs.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install ssh-server
After installation, invoke the skill by name or use /ssh-server
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release

Metadata

Slug ssh-server

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is SSH Server?

SSH remote connection and operation for servers (Linux/Unix cloud servers, etc.). It is an AI Agent Skill for Claude Code / OpenClaw, with 361 downloads so far.

How do I install SSH Server?

Run "/install ssh-server" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SSH Server free?

Yes, SSH Server is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SSH Server support?

SSH Server is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SSH Server?

It is built and maintained by XingFaLin (@xingfalin); the current version is v1.0.0.

More Skills