← Back to Skills Marketplace
331
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install vps-command-runner
Description
Run commands across multiple VPS simultaneously. Execute SSH commands, deploy updates, check logs, and manage services across all your servers from one place...
Usage Guidance
This skill will run arbitrary SSH commands on multiple servers, which fits its purpose, but it currently encourages insecure practices: it asks you to hardcode a username/password in the scripts, uses sshpass, and disables SSH host-key checking. Before installing or using it: (1) do not paste real passwords into these files — remove PASS and use SSH key auth or an SSH agent; (2) prefer key-based auth (ssh -i /path/to/key) and use ssh-copy-id to deploy keys; (3) re-enable host key checking or explicitly manage known_hosts to avoid MITM risk; (4) validate or install required binaries (ssh, sshpass if you insist, docker) and update the skill metadata to declare them; (5) inspect and run the scripts in a safe environment (non-production) first; (6) consider using established tools (Ansible, parallel-ssh) that handle credentials and auditing more securely. If you cannot or will not change the scripts to use keys and proper host verification, treat this skill as unsafe for production credentials or sensitive servers.
Capability Analysis
Type: OpenClaw Skill
Name: vps-command-runner
Version: 1.0.0
The skill bundle provides scripts (run-all.sh, run.sh, status.sh) that facilitate remote command execution across multiple servers using sshpass with plaintext credentials and the 'StrictHostKeyChecking=no' flag. This implementation is highly insecure as it exposes passwords in the process list/files and bypasses SSH host identity verification, making the system vulnerable to Man-in-the-Middle attacks. While these are functional vulnerabilities rather than intentional malware, the high-risk nature of managing a VPS fleet with such insecure methods warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description: manage multiple VPS via SSH — matches the included scripts which run remote commands and check status. However the registry metadata declares no required binaries or credentials while the scripts rely on ssh, sshpass and docker being available and require a username/password. Omitting those requirements in metadata is an incoherence and reduces visibility for users.
Instruction Scope
SKILL.md and scripts instruct the user to insert USER and PASS directly into script files (plaintext credentials), use sshpass, and use '-o StrictHostKeyChecking=no' which suppresses host key verification. Scripts also read local system files (hostname, /proc/loadavg) and run docker commands locally and remotely — these are plausible for a health-check tool but the instructions give broad discretion and encourage insecure credential handling.
Install Mechanism
There is no install spec (instruction-only), which is low friction and expected for simple script bundles. However the scripts call sshpass, ssh and docker without declaring them; the skill does not provide guidance to install these tools or validate their presence. That's a usability and safety gap but not an explicit supply-chain risk.
Credentials
The skill requests that users place credentials (PASSWORD) directly into scripts rather than using declared environment variables, secrets, or SSH keys. No environment variables are declared in metadata despite the need for sensitive credentials — this is disproportionate and increases risk of accidental credential leakage.
Persistence & Privilege
always:false and user-invocable:true — the skill does not request permanent or privileged presence in the agent. It does not modify other skills or system-wide config. This aspect is appropriate.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install vps-command-runner - After installation, invoke the skill by name or use
/vps-command-runner - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of VPS Command Runner.
- Run commands simultaneously across multiple VPS via SSH.
- Scripts for running commands on all or specific servers, status checks, and update deployments.
- Supports both password and SSH key authentication.
- Easily manage and monitor distributed services from one place.
Metadata
Frequently Asked Questions
What is VPS Command Runner?
Run commands across multiple VPS simultaneously. Execute SSH commands, deploy updates, check logs, and manage services across all your servers from one place... It is an AI Agent Skill for Claude Code / OpenClaw, with 331 downloads so far.
How do I install VPS Command Runner?
Run "/install vps-command-runner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is VPS Command Runner free?
Yes, VPS Command Runner is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does VPS Command Runner support?
VPS Command Runner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created VPS Command Runner?
It is built and maintained by chmikiro (@chmikiro); the current version is v1.0.0.
More Skills