Downloads: 223 · Stars: 0 · Active Installs: 0 · Versions: 3
Install in OpenClaw: /install sparkey
Description
Provides time-limited, self-revoking SSH access for AI agents using certificate TTL, user expiry, forced command restrictions, and scheduled automated cleanup.
Usage Guidance
This skill appears to do what it says: it creates short-lived SSH sessions by generating keys/certificates, provisioning local helper accounts and cleanup jobs, then revoking them. However, it must be run as root and it creates a persistent CA private key on the operator host; if that key is compromised, an attacker can mint certificates for any server that trusts the CA. Before installing or using it: (1) review the scripts line by line and test in a disposable VM; (2) run setup-ca.sh on a dedicated, hardened operator host (or an HSM) and restrict access to /etc/ssh/agent_ca; (3) prefer dry-run mode and keep the audit logs; (4) never run it on a production host without approval, since the scripts modify users, systemd/at jobs, and /usr/local; (5) require explicit human confirmation before any agent-initiated grant operation. If you are uncomfortable running root-level scripts supplied by an unknown source, do not install or run them.
Capability Analysis
Type: OpenClaw Skill
Name: sparkey
Version: 1.2.1
The 'sparkey' skill bundle provides a framework for granting temporary, restricted SSH access to AI agents using a defense-in-depth approach (certificate TTL, OS account expiry, and a restricted dispatch shell). Analysis of scripts such as grant-access.sh and the restricted shell logic shows intentional security controls: input sanitization against shell metacharacters, path traversal checks using readlink -f, and automated cleanup via at or systemd-run. The code is well documented, shows no evidence of data exfiltration or unauthorized persistence, and aligns with its stated purpose of providing auditable, time-boxed access.
Capability Assessment
Purpose & Capability
Name/description (temporary, self-revoking SSH access) match the shipped assets: scripts to create a CA, generate keys/certificates, create short‑lived local agent_support_* accounts, schedule cleanup, and revoke sessions. Required binaries listed in SKILL.md (ssh-keygen, useradd/usermod/userdel, at/systemd-run, etc.) align with the stated purpose.
Instruction Scope
SKILL.md and scripts explicitly require running as root and perform system-wide operations: create/delete local accounts, write files to /etc/ssh and /usr/local/{bin,sbin}, schedule at/systemd jobs, and write to /var/log. Those actions are central to the stated purpose, but they are high-impact operations and must be run only on an operator host you control. The agent flow describes user consent before modifying targets, which helps but relies on correct operator behavior.
Install Mechanism
No external install/download URLs or package installs are embedded in the skill. The package is instruction-only with local scripts included; this is lower install risk than fetching remote archives. Dependencies are standard OS binaries documented in SKILL.md.
Credentials
The skill requests no environment variables or external credentials. It does create and persist a CA private key under /etc/ssh (documented as an operator-side persistent credential). That persistence is necessary for CA-based signing but is highly sensitive (see guidance).
Persistence & Privilege
The scripts require root and create persistent artifacts (the CA private key in /etc/ssh, files under /usr/local, a log under /var/log). This is coherent with the purpose but grants significant local privilege for as long as the CA key exists: compromising the CA would let an attacker mint valid certificates for every target that trusts it. The manifest sets always:false (the skill is not force-installed), which reduces risk; model invocation is allowed by default, so an agent could attempt to run these steps on its own, which is why operator consent and manual execution controls matter.
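To make the four layers from the Capability Analysis concrete, here is an added dry-run sketch (not Sparkey's own code) that prints the commands each layer would issue instead of running them as root. /etc/ssh/agent_ca is taken from the guidance above; the agent_support_ account prefix, the /usr/local/bin/agent-dispatch restricted shell, and the use of GNU date/readlink are assumptions.

```bash
#!/bin/bash
# Added example, not Sparkey's own code: the layered controls the analysis
# describes, emitted as a dry-run plan rather than executed as root.
# Assumed: agent_support_ prefix, /usr/local/bin/agent-dispatch, GNU coreutils.
set -u

CA_KEY=/etc/ssh/agent_ca                 # persistent CA private key (see Credentials)
DISPATCH=/usr/local/bin/agent-dispatch   # assumed restricted dispatch shell

# Input sanitisation: only [A-Za-z0-9_-], so no shell metacharacter ever
# reaches useradd, ssh-keygen or the at job.
safe_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Path traversal check in the style the analysis describes: canonicalise both
# sides with readlink -f and require the path to stay under the allowed root.
path_allowed() {
  root=$(readlink -f -- "$1") || return 1
  resolved=$(readlink -f -- "$2") || return 1
  case "$resolved" in
    "$root"|"$root"/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Dry-run grant for one agent; ttl is in minutes. Prints, in order:
# account expiry (layer 2), certificate TTL + forced command (layers 1 and 3),
# and the scheduled cleanup job (layer 4).
grant_plan() {
  agent=$1; ttl=$2
  safe_name "$agent" || { echo "rejected name: $agent" >&2; return 1; }
  case "$ttl" in ''|*[!0-9]*) echo "rejected ttl: $ttl" >&2; return 1 ;; esac
  user="agent_support_$agent"
  # useradd -e is day-granular (GNU date computes it), so account expiry is a
  # backstop; the certificate TTL and the at job are the real limits.
  expiry=$(date -u -d "+$ttl minutes" +%F) || return 1
  cat <<EOF
useradd -m -e $expiry -s $DISPATCH $user
ssh-keygen -s $CA_KEY -I $user -n $user -V +${ttl}m -O clear -O force-command=$DISPATCH /tmp/$user.pub
echo 'userdel -r $user; rm -f /tmp/$user.pub /tmp/$user-cert.pub' | at now + $ttl minutes
EOF
}
```

`-O clear` strips every certificate extension (pty, port and agent forwarding) before `force-command` pins the session to the dispatch shell, so even a valid certificate cannot open an interactive login.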
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sparkey
- After installation, invoke the skill by name or use /sparkey
- Provide the required inputs per the skill's parameter spec and get structured output
Version History
v1.2.1
- Added new script: scripts/audit.sh to the project.
- Incremented version to 1.0.2.
v1.0.1
- Switched license file from LICENSE.txt to LICENSE.md (no content change to license).
- Documentation updated for clarity: emphasizes that zero session artifacts (accounts, keys, certs, cleanup timers) remain after session ends or TTL expiry.
- Made security considerations explicit for CA private key persistence.
- No functional or behavioral changes to code.
v1.0.0
- Initial release of Sparkey: provides secure, time-limited SSH access for AI agents.
- Implements four-layer defense-in-depth: certificate TTL, OS account expiry, command-restricted dispatch, and automated cleanup.
- No credentials persist after session ends; all key material is destroyed post-use.
- Supports both key and CA-based SSH authentication with expiration and access control.
- Designed with crash safety and user oversight; integrates dead-man timers to auto-revoke access.
- Platform support and required toolchains clearly documented for fast adoption.
Frequently Asked Questions
What is Sparkey?
Provides time-limited, self-revoking SSH access for AI agents using certificate TTL, user expiry, forced command restrictions, and scheduled automated cleanup. It is an AI Agent Skill for Claude Code / OpenClaw, with 223 downloads so far.
How do I install Sparkey?
Run "/install sparkey" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sparkey free?
Yes, Sparkey is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Sparkey support?
Sparkey is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Sparkey?
It is built and maintained by Neo (@sanjeevneo); the current version is v1.2.1.