← Back to Skills Marketplace
536
Downloads
1
Stars
3
Active Installs
9
Versions
Install in OpenClaw
/install ssh-batch-manager
Description
Batch SSH key management. Distribute/remove SSH keys to/from multiple servers with intelligent connectivity pre-check and source tracking.
Usage Guidance
Before installing or enabling this skill, review and harden these points:
1) Confirmation enforcement: Inspect the main entry (ssh-batch-manager.py) to confirm it enforces an explicit interactive confirmation step for enable operations even when invoked programmatically (e.g., via openclaw-integration.py). If confirmation is skipped for non-interactive runs, do not install.
2) Web UI exposure: serve-ui.py binds to all interfaces by default (socketserver.TCPServer(('', PORT))). Change it to bind to 127.0.0.1 or add firewall rules so the UI is not accessible from the network unless you explicitly intend that.
3) Systemd auto-start: post-install.sh creates and enables a systemd unit under /etc/systemd/system. Run this script manually and review the generated unit before using sudo to install it. If you prefer, do not enable auto-start and run the UI manually in a controlled environment.
4) Programmatic triggers: If you use an agent or automation that can call openclaw-integration.py or other scripts, restrict or remove that entry point unless you have strong safeguards ensuring human approval is required.
5) Secrets storage and key management: Verify how the Fernet key (ssh-batch.key) is generated, stored, and backed-up. Treat that key as sensitive — if an attacker obtains it plus the config file, encrypted passwords can be decrypted. Consider using a secure key store rather than a plain file.
6) Network and privilege audit: Confirm the service runs as an unprivileged user and that systemd unit security settings are appropriate. The unit sets NoNewPrivileges and PrivateTmp, but it does not restrict network access or capabilities; consider adding additional systemd sandboxing (e.g., ProtectSystem, RestrictAddressFamilies) if needed.
7) Test in isolation: Try the tool in an isolated test environment (no production servers, localhost-only UI) to confirm behavior and confirmation enforcement before deploying on machines that manage real servers.
If you want, I can: (a) point to the exact lines in the main script where confirmation and network binding occur, (b) suggest minimal code edits to bind the UI to localhost and to enforce confirmation in non-interactive runs, or (c) provide a checklist to run the post-install script safely.
Capability Analysis
Type: OpenClaw Skill
Name: ssh-batch-manager
Version: 2.1.9
The 'ssh-batch-manager' skill is classified as suspicious due to multiple critical shell injection vulnerabilities. The `ssh-batch-manager.py` script contains a potential remote shell injection vulnerability in the `copy_key_with_password_secure` function, where a crafted public key content could lead to arbitrary command execution on target SSH servers. Additionally, the Web UI (`ssh-manager.html`) is vulnerable to local shell injection in its `addServer` and `encryptPassword` functions, allowing user-supplied input to execute arbitrary commands on the local OpenClaw agent machine via `window.openclawExec`. The use of `sshpass` and `StrictHostKeyChecking=no` further introduces security weaknesses. While the skill includes positive security features like AES-256 encryption and explicit agent instructions for user confirmation, these implementation flaws create significant attack surfaces.
Capability Assessment
Purpose & Capability
Name, description, and required binaries (ssh, ssh-copy-id, sshpass) and the cryptography dependency align with a tool that distributes SSH keys and stores encrypted passwords. Included scripts (add-server.py, delete-server.py, enable/disable commands) are consistent with the stated features.
Instruction Scope
SKILL.md and the code instruct the agent to manage ~/.openclaw/credentials/ssh-batch.json and to auto-start a Web UI. The package includes an openclaw-integration.py that runs enable/disable commands programmatically; this creates a plausible path for non-interactive invocation. The serve-ui.py uses socketserver.TCPServer(('', PORT)) which binds to all network interfaces (0.0.0.0) by default, exposing the UI beyond localhost. The documentation's 'MUST obtain explicit user confirmation' safety rule is good, but the codebase contains programmatic entry points (openclaw-integration.py, systemd service) that could be triggered without that confirmation if not enforced in the main CLI logic.
Install Mechanism
There is no registry install spec, but SKILL.md lists pip/apt/script actions (pip install cryptography, apt install sshpass, run post-install.sh). All artifacts are bundled in the skill (no remote downloads). post-install.sh writes a systemd unit under /etc/systemd/system and uses sudo, which is expected for auto-start but is a privileged action that will modify system services.
Credentials
The skill does not request unrelated cloud credentials or external API keys. It legitimately needs access to local SSH keys, the user's ~/.openclaw credentials directory, and to store an encryption key (ssh-batch.key). Those privileges are proportionate to its functionality, but they are sensitive and should be audited.
Persistence & Privilege
post-install.sh configures and enables a systemd service that auto-starts the Web UI. Auto-starting a UI/service that can manage SSH access increases persistence/privilege. Combined with the service binding to all interfaces and the openclaw-integration programmatic control, this raises the risk that operations could be triggered without the explicit interactive confirmation emphasized in SKILL.md.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ssh-batch-manager - After installation, invoke the skill by name or use
/ssh-batch-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.9
v2.1.9: 修复 disable-all 命令的 shell 转义问题,添加密钥认证服务器的自动移除支持
v2.1.8
v2.1.8: All files verified as English and secure - No Chinese files remaining + All security fixes included
v2.1.7
v2.1.7: CRITICAL SECURITY FIXES - Web UI uses Python JSON (no shell) + Python uses shlex.quote() + Configurable SSH host key checking
v2.1.6
ALL files secure English - No shell injection
v2.1.5
v2.1.5: CRITICAL SECURITY FIX - No shell injection (remote + Web UI) + All user input properly escaped
v2.1.4
v2.1.4: SECURITY FIX - No shell injection (argparse) + Accurate documentation
v2.1.3
English translation
v2.1.1
v2.1.1: Auto-start Web UI service on installation + Mandatory safety confirmation + Intelligent pre-check + Source tracking + 40x performance
v2.1.0
v2.1.0: Mandatory safety confirmation + Intelligent connectivity pre-check + Source identifier + 40x performance improvement
Metadata
Frequently Asked Questions
What is Ssh Batch Manager?
Batch SSH key management. Distribute/remove SSH keys to/from multiple servers with intelligent connectivity pre-check and source tracking. It is an AI Agent Skill for Claude Code / OpenClaw, with 536 downloads so far.
How do I install Ssh Batch Manager?
Run "/install ssh-batch-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ssh Batch Manager free?
Yes, Ssh Batch Manager is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Ssh Batch Manager support?
Ssh Batch Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Ssh Batch Manager?
It is built and maintained by TK (@stj001); the current version is v2.1.9.
More Skills