← Back to Skills Marketplace
ssh-executor
by
rickkbarbosa
· GitHub ↗
· v1.0.3
· MIT-0
122
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install ssh-executor
Description
Execute commands on remote hosts over SSH using SSH aliases, ssh config, tmux sessions, and private keys. Use when the user asks to SSH into a host, inspect...
Usage Guidance
This skill appears to do exactly what it says: it wraps ssh for safe, key-based remote commands. Before installing, review the bundled scripts (scripts/ssh-run.sh) yourself and only allow the agent to run it when you trust the skill. Be aware it will read ~/.ssh/config (and return resolved metadata including identityfile paths and resolved host/user/port); it does not read private-key contents, nor does it exfiltrate data to external endpoints. Test on a non-production host first, avoid pasting passwords into chat, and require explicit confirmation via --confirm-dangerous before running any mutating commands.
Capability Analysis
Type: OpenClaw Skill
Name: ssh-executor
Version: 1.0.3
The ssh-executor skill provides a well-structured and safety-conscious interface for remote command execution via SSH. The core logic in scripts/ssh-run.sh includes a regex-based guardrail to identify and block potentially destructive commands (e.g., sudo, rm, systemctl) unless an explicit confirmation flag is provided. The skill instructions in SKILL.md and references/safety.md emphasize security best practices, such as preferring key-based authentication, avoiding password prompts, and protecting private key contents from being logged or exfiltrated.
Capability Tags
Capability Assessment
Purpose & Capability
Name and description match the actual behavior: the skill wraps ssh via a bash helper and uses python3 to format output and parse ssh config. Declared binaries (ssh, bash, python3) are required and appropriate; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md restrains when to inspect ~/.ssh/config and mandates confirmation for mutating commands. The bundled script can read ~/.ssh/config and uses `ssh -G` to resolve identityfile entries and returns resolved_identity_files and key_path (paths only). This can reveal filenames/paths of private keys and SSH metadata to whoever receives the script output; the script does not read private-key contents or transmit data off-host. Confirm you want the agent to read your SSH config and share resolved paths before invoking.
Install Mechanism
No install spec (instruction-only plus bundled script) — nothing is downloaded or written by an installer. The only included code is a local helper script; no external installs or url downloads are present.
Credentials
The skill requests no environment variables or external credentials. It does access local SSH config and may expose key file paths (but not key contents). This level of access is proportionate to remote-SSH functionality, but users should be aware that resolved identity file paths and host metadata will appear in outputs.
Persistence & Privilege
always is false and the skill is user-invocable; it does not attempt to persist, modify other skills, or change global agent settings. Autonomous model invocation remains enabled (the platform default) but is not combined with elevated privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ssh-executor - After installation, invoke the skill by name or use
/ssh-executor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Added "python3" as a required binary in the skill's metadata.
- No other changes detected; all documentation and workflow remain unchanged.
v1.0.2
- Added scripts/ssh-run.sh: a shell script for safe SSH command execution with alias support and structured output.
- Added references/safety.md: a reference file providing additional safety guidelines for remote command execution.
v1.0.1
- Dropped the sample file publish.example.sh.
- Added OpenClaw-specific metadata, including OS compatibility (linux, darwin) and required binaries (ssh, bash) to SKILL.md.
- Updated documentation to clarify bundling and usage of scripts/ssh-run.sh, removing the skills/ path prefix from example commands.
- Instructed only to inspect ~/.ssh/config for aliases if the user uses SSH aliases or requests alias resolution.
v1.0.0
Initial release of ssh-executor.
- Enables remote command execution over SSH using SSH aliases, user configs, and key-based authentication.
- Supports tmux workflows and confirms mutating or destructive commands before execution.
- Prefers read-only or diagnostic commands by default, requiring explicit user confirmation for risky changes.
- Integrates with scripts/ssh-run.sh to handle SSH connections, list aliases, and manage execution safety.
- Returns clear, structured results including stdout, stderr, and exit code.
Metadata
Frequently Asked Questions
What is ssh-executor?
Execute commands on remote hosts over SSH using SSH aliases, ssh config, tmux sessions, and private keys. Use when the user asks to SSH into a host, inspect... It is an AI Agent Skill for Claude Code / OpenClaw, with 122 downloads so far.
How do I install ssh-executor?
Run "/install ssh-executor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ssh-executor free?
Yes, ssh-executor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ssh-executor support?
ssh-executor is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin).
Who created ssh-executor?
It is built and maintained by rickkbarbosa (@rickkbarbosa); the current version is v1.0.3.
More Skills