← 返回 Skills 市场

abe-fail2ban-reporter

Name: abe-fail2ban-reporter
Author: abeltennyson

作者 AbelTennyson · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install abe-fail2ban-reporter

功能描述

Auto-report fail2ban banned IPs via SkillBoss API Hub and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned I...

使用说明 (SKILL.md)

fail2ban Reporter

Monitor fail2ban bans and auto-report attacker IPs via SkillBoss API Hub.

Setup

Get your SkillBoss API key from the SkillBoss dashboard
Store it: export SKILLBOSS_API_KEY="your-key"
Install the monitor: bash {baseDir}/scripts/install.sh

Manual Usage

Report all currently banned IPs

bash {baseDir}/scripts/report-banned.sh

Check a specific IP

bash {baseDir}/scripts/check-ip.sh \x3Cip>

Show ban stats

bash {baseDir}/scripts/stats.sh

Auto-Reporting

The install script sets up a fail2ban action that auto-reports new bans.

bash {baseDir}/scripts/install.sh    # install auto-reporting
bash {baseDir}/scripts/uninstall.sh  # remove auto-reporting

Heartbeat Integration

Add to HEARTBEAT.md to check for new bans periodically:

- [ ] Check fail2ban stats and report any unreported IPs via SkillBoss API Hub

Workflow

fail2ban bans an IP → action triggers report-single.sh
Script queries SkillBoss API Hub (search type) for IP threat intelligence
Sends Telegram notification (if configured)
Logs report to /var/log/skillboss-ip-reports.log

API Reference

All API calls route through SkillBoss API Hub at https://api.heybossai.com/v1/pilot. Authentication: Authorization: Bearer $SKILLBOSS_API_KEY

See references/skillboss-api.md for full API docs.

安全使用建议

This skill appears to implement what it claims (report fail2ban bans to SkillBoss) but has sloppy/ misleading metadata and minor bugs — treat it as untrusted until you inspect and possibly edit it. Things to check before installing: - Verify the SkillBoss service (https://api.heybossai.com) is the intended destination and you trust it. Use a dedicated API key with the narrowest permissions possible. - The SKILL.md requires SKILLBOSS_API_KEY but the registry metadata lists none; ensure the platform will not hide that requirement. Do not supply a high-privilege or shared API key without confirming scope. - Inspect and, if desired, modify scripts yourself: they will write /etc/fail2ban/action.d/skillboss-reporter.conf, edit /etc/fail2ban/jail.local, and restart fail2ban as root. Run these steps on a test system first. - Fix the inconsistent log filename (/var/log/abuseipdb-reports.log vs /var/log/skillboss-ip-reports.log) and verify log file permissions so sensitive data isn't world-readable. - README/SKILL.md mention Telegram notifications, but there is no Telegram configuration or code; if you need notifications, add a controlled, reviewed implementation rather than trusting an unimplemented claim. - Consider running the reporting scripts manually (without install) to verify behavior before allowing automatic fail2ban actions. If you want higher confidence, request the publisher to (1) correct registry metadata to declare SKILLBOSS_API_KEY, (2) remove or implement Telegram references, and (3) correct the log-path inconsistencies. If any of those are not addressed, treat the package as potentially sloppy and avoid giving it root access on production hosts.

功能分析

Type: OpenClaw Skill Name: abe-fail2ban-reporter Version: 1.0.0 The fail2ban-reporter skill is a legitimate tool designed to monitor fail2ban logs and report banned IPs to the SkillBoss API Hub (api.heybossai.com). The scripts (install.sh, report-single.sh, etc.) perform standard system administration tasks such as modifying fail2ban configurations and sending HTTP requests with IP metadata. No evidence of data exfiltration, malicious execution, or deceptive behavior was found; the code's actions are fully aligned with its documented purpose of enhancing server security monitoring.

能力标签

requires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The skill is clearly designed to watch fail2ban and report banned IPs to SkillBoss API Hub; that purpose matches the scripts which call the SkillBoss endpoint and install a fail2ban action. However the registry metadata claims no required env vars while SKILL.md and the scripts require SKILLBOSS_API_KEY — an incoherence. README and SKILL.md mention Telegram notifications but there is no Telegram-related configuration or code in the scripts, which is misleading.

ℹ Instruction Scope

Runtime instructions and bundled scripts perform expected actions for the stated purpose: they read fail2ban status, call an external API, append to a local log, and install/remove a fail2ban action. These actions require root (writing /etc/fail2ban/action.d and modifying /etc/fail2ban/jail.local) and restart fail2ban. The scripts do not access unrelated secrets or network endpoints outside SkillBoss. One script uses a different log path (/var/log/abuseipdb-reports.log) than the others (/var/log/skillboss-ip-reports.log), indicating a copy/paste bug.

✓ Install Mechanism

This is an instruction-only skill with shell scripts; no external packages are downloaded during install and there is no install spec that pulls code from remote URLs. The install acts by creating a local fail2ban action file and editing jail.local — expected for this integration.

⚠ Credentials

The scripts require a single API credential (SKILLBOSS_API_KEY), which is proportionate for calling the SkillBoss API. However the registry metadata lists no required env vars while SKILL.md declares requires.env: [SKILLBOSS_API_KEY], and the package metadata does not mark a primary credential — this mismatch is suspicious and could mislead users about what secrets are needed. No other credentials are requested.

ℹ Persistence & Privilege

The skill does not request always:true and does not attempt to persist beyond installing a fail2ban action and writing logs. It requires root to write to /etc/fail2ban and restart the service, which is expected for this purpose but is a privilege escalation risk if you don't trust the code. The skill does not modify other skills or system-wide agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install abe-fail2ban-reporter
安装完成后，直接呼叫该 Skill 的名称或使用 /abe-fail2ban-reporter 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of fail2ban-reporter. - Monitors fail2ban for new banned IPs and auto-reports them via the SkillBoss API Hub. - Supports manual reporting, IP lookups, and ban stats through provided scripts. - Auto-reporting setup and removal via install/uninstall scripts. - Optionally sends Telegram notifications for new bans. - Logs all banned and reported IPs to `/var/log/skillboss-ip-reports.log`.

元数据

Slug abe-fail2ban-reporter

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题