← Back to Skills Marketplace
2233admin

Server Maintenance

by 2233admin · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
808
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install server-maintenance
Description
Automates server maintenance by checking disk usage, cleaning caches, optimizing resources, and supporting local and remote multi-server batch operations.
Usage Guidance
This skill largely implements its stated maintenance tasks, but has a few red flags you should address before running it on production systems: 1) Inspect and edit servers.json and maintain-all.sh: both contain hard-coded remote IPs. Remove or replace them with only servers you control. The bundled maintain-all.sh currently will attempt SSH to those addresses. 2) Root SSH & host-key checking: scripts use ssh root@host and maintain-all.sh sets StrictHostKeyChecking=no. That bypasses host authenticity checks; change this and avoid automatic root access unless you intentionally want it. Prefer connecting as a non-root user with sudo where possible. 3) Verify backup behavior: SKILL.md claims automatic backups of key configs, but the scripts do not perform backups. Add an explicit backup step (and test it) before any destructive operations. 4) Use dry-run and test in an isolated environment: cleanup.sh has a dry-run mode — use it first. Test everything on a disposable VM to confirm effects before running on production. 5) Code review: the scripts run rm -rf on cached directories and perform remote commands. Read and understand each command, and lock down who/what can invoke the skill (do not enable autonomous scheduled runs until you trust it). 6) Source verification: the skill's source is 'unknown' and the package.json points to a GitHub repo — if you plan to use this, verify the upstream repository and its history. If you want, I can produce a hardened version of these scripts that: - reads servers from a user-managed config and refuses to run against unknown hosts, - enforces StrictHostKeyChecking and key-based auth only, - performs safe backups before changes, - runs cleanup actions under a non-root account with sudo prompts. Confidence: high — the scripts are readable and the risky elements (hard-coded IPs, root SSH, disabled host-key checking, missing backups) are concrete and observable.
Capability Analysis
Type: OpenClaw Skill Name: server-maintenance Version: 1.0.0 The skill's stated purpose is legitimate server maintenance. However, it is classified as suspicious due to critical security vulnerabilities. The `maintain-all.sh` script explicitly disables `StrictHostKeyChecking` for SSH connections, making it highly vulnerable to Man-in-the-Middle attacks and potential remote code execution on the target servers (e.g., `43.163.225.27`, `43.167.192.145`). Furthermore, `check.sh`, `cleanup.sh`, and `maintain-all.sh` use `root` SSH access and lack robust input sanitization for the `SERVER_HOST` argument, posing a shell injection risk if the agent's input is compromised.
Capability Assessment
Purpose & Capability
The scripts (check.sh, cleanup.sh, maintain-all.sh) implement disk checks, cache cleanup and multi-server SSH operations that match the described purpose. Minor inconsistency: registry metadata lists no required binaries, but SKILL.md lists dependencies (bash, ssh, du, df, npm). Functionality generally aligns with the stated purpose.
Instruction Scope
The runtime instructions and scripts will operate as root (ssh root@host and inspect /root), run remote commands, and remove cached directories. The SKILL.md promises safety measures (backups, only cleaning safe caches, dry-run) but the scripts do not implement a pre-operation backup step and only partially implement dry-run behavior. maintain-all.sh directly attempts SSH to hard-coded IPs; check.sh and cleanup.sh inspect /root and other privileged locations. These behaviors expand scope to high-privilege host-level operations.
Install Mechanism
No install spec (instruction-only skill with bundled scripts). Nothing is downloaded or executed from external URLs during install — lower install-time risk. The presence of local script files means code will run on the host when invoked.
Credentials
No environment variables or credentials are declared, but the scripts require SSH access as root to remote hosts. The skill ships with a servers.json and maintain-all.sh hard-coded with external IP addresses (43.163.225.27 and 43.167.192.145). maintain-all.sh disables StrictHostKeyChecking (ssh -o StrictHostKeyChecking=no) which weakens host authenticity checks. Asking for root SSH access and embedding remote IPs without clearly asking the user to confirm them is disproportionate and risky.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent platform privileges or modify other skills. Autonomous invocation is allowed (default), which is normal — combine that with the high-privilege SSH actions in other dimensions when deciding whether to enable autonomous runs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install server-maintenance
  3. After installation, invoke the skill by name or use /server-maintenance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of automated server maintenance skill: - Automates disk usage checks, cache cleanup, and system optimization. - Supports batch operations across multiple servers via SSH. - Provides clear maintenance reports, including before/after disk usage and total space freed. - Offers safe defaults: only known cache is cleaned, config backups, and dry-run mode. - Easy integration with OpenClaw scheduling and supports flexible configuration.
Metadata
Slug server-maintenance
Version 1.0.0
License
All-time Installs 3
Active Installs 3
Total Versions 1
Frequently Asked Questions

What is Server Maintenance?

Automates server maintenance by checking disk usage, cleaning caches, optimizing resources, and supporting local and remote multi-server batch operations. It is an AI Agent Skill for Claude Code / OpenClaw, with 808 downloads so far.

How do I install Server Maintenance?

Run "/install server-maintenance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Server Maintenance free?

Yes, Server Maintenance is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Server Maintenance support?

Server Maintenance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Server Maintenance?

It is built and maintained by 2233admin (@2233admin); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments