← Back to Skills Marketplace

VLAN Linux Client

Name: VLAN Linux Client
Author: sxf-oss

by shixianfang · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

204

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install vlan-linux-client

Description

管理 VLAN.CN Linux 客户端的安装、登录、组网连接、服务控制及网络诊断操作。

Usage Guidance

This skill appears to do what it claims (manage the VLAN.CN Linux client) but its install instruction is the main red flag: it asks you to run `curl … http://dl.vlan.cn/.../install.sh | sh` which downloads and executes code from an unverified HTTP endpoint. Before installing: 1) Do not run the pipe-to-sh command directly on production systems. 2) Prefer packages distributed over HTTPS with a checksum or GPG signature; verify the vendor's official website (https://www.vlan.cn) for verified install instructions and signatures. 3) Inspect the install script contents locally (download and read it) and run it in a disposable sandbox/container or VM first. 4) Avoid running installers as root unless you trust them; consider running with least privilege. 5) Use the recommended short-lived login codes instead of passwords to avoid credential leakage in shell history. 6) If you cannot verify the origin and integrity of dl.vlan.cn artifacts, treat installation as high-risk and consult your organization's security policy or the vendor for signed releases.

Capability Analysis

Type: OpenClaw Skill Name: vlan-linux-client Version: 1.0.0 The skill bundle provides instructions for managing the VLAN.CN Linux client but promotes a highly insecure installation method in SKILL.md and README.md. Specifically, it recommends executing a shell script downloaded via unencrypted HTTP with certificate verification explicitly disabled (curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh), which exposes users to Man-in-the-Middle (MitM) attacks. While the tool appears to be a legitimate networking service, these instructions represent a significant security vulnerability rather than intentional malice.

Capability Assessment

✓ Purpose & Capability

Name/description (manage VLAN.CN Linux client) align with the commands and features described (install, login, connect, service control, diagnostics). The SKILL.md contains only client-focused operations and references api.vlan.cn, which is consistent with the stated purpose.

⚠ Instruction Scope

The instructions tell users/agents to run a remote install script via `curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh`. This directs execution of arbitrary remote code and uses an HTTP URL (no HTTPS) and curl -k (which suppresses TLS checks for HTTPS). Aside from that, the rest of the instructions stay within the client's scope and do not request unrelated files or env vars.

⚠ Install Mechanism

There is no formal install spec; instead the skill recommends a download-and-pipe-to-shell pattern from dl.vlan.cn over plain HTTP and without integrity or signature verification. That pattern is high-risk: it allows arbitrary code execution, lacks transport integrity, and offers no provenance or reproducible packaging.

ℹ Credentials

The skill declares no required environment variables or credentials, which is proportionate. The usage examples include username/password or login codes entered interactively; the doc advises using short-lived login codes to avoid leaving passwords in shell history, which is appropriate. However, the install/uninstall steps imply writing files under system paths and may require sudo — this elevates privileges for the unsigned installer.

✓ Persistence & Privilege

The skill does not request always:true and is user-invocable; it does not attempt to modify other skills or agent-wide config in the SKILL.md. The installer may create system services and require sudo, which is expected for a system client but increases the impact of a malicious installer.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install vlan-linux-client
After installation, invoke the skill by name or use /vlan-linux-client
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

初始版本 - 支持 VLAN.CN Linux 客户端安装、登录、组网管理、服务控制和故障诊断

Metadata

Slug vlan-linux-client

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is VLAN Linux Client?

管理 VLAN.CN Linux 客户端的安装、登录、组网连接、服务控制及网络诊断操作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 204 downloads so far.

How do I install VLAN Linux Client?

Run "/install vlan-linux-client" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is VLAN Linux Client free?

Yes, VLAN Linux Client is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does VLAN Linux Client support?

VLAN Linux Client is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created VLAN Linux Client?

It is built and maintained by shixianfang (@sxf-oss); the current version is v1.0.0.

More Skills