← 返回 Skills 市场
Beszel Check
作者
karakuscem
· GitHub ↗
· v1.0.0
2436
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install beszel-check
功能描述
Monitor home lab servers via Beszel (PocketBase).
使用说明 (SKILL.md)
Beszel Monitoring
Check the status of your local servers.
Usage
beszel status- Get status of all systemsbeszel containers- List top containers by CPU usage
Commands
# Get status
source ~/.zshrc && ~/clawd/skills/beszel/index.js status
# Get container stats
source ~/.zshrc && ~/clawd/skills/beszel/index.js containers
安全使用建议
This skill's code does what its description says (authenticates to a PocketBase instance and reads 'systems' and 'container_stats'), but it has important mismatches you should address before installing:
- The script requires BESZEL_USER and BESZEL_PASS (and optionally BESZEL_HOST), but the registry and SKILL.md do not declare these. Verify you understand where you'll store/provide those credentials.
- SKILL.md tells you to 'source ~/.zshrc' before running. Sourcing your shell rc will execute any commands in that file and may expose secrets. Instead, prefer explicitly exporting only the BESZEL_* variables or running the script with a controlled environment.
- BESZEL_HOST defaults to http://127.0.0.1:8090, but if you set BESZEL_HOST to a remote URL the script will send credentials and request data to that host. Ensure BESZEL_HOST points to a trusted, local instance before running.
- There is a small code bug/inconsistency: the script does "const https = require('http')" (variable name suggests HTTPS while module is http). This isn't directly malicious but indicates limited review; inspect the code yourself or ask the author to fix/clarify.
Recommendations:
1) Ask the publisher for a README that explicitly lists required env vars and network behavior, and for a homepage/source repository to verify provenance.
2) Review the index.js content yourself (or have someone you trust do so). Confirm BESZEL_HOST is safe and that the endpoints used are the PocketBase instance you expect.
3) Avoid sourcing your full shell rc; set BESZEL_USER/BESZEL_PASS in a minimal environment for the command or use a dedicated credential store.
If you cannot verify these points or the publisher's reputation, treat this skill as untrusted until clarified.
功能分析
Type: OpenClaw Skill
Name: beszel-check
Version: 1.0.0
The skill is classified as suspicious due to insecure handling of credentials and broad environment sourcing. The `index.js` script imports the `http` module but assigns it to a variable named `https`, leading to all network requests (including authentication with `BESZEL_USER` and `BESZEL_PASS` environment variables) being made over unencrypted HTTP. While the default host is localhost, this poses a significant risk if `BESZEL_HOST` is configured to an external HTTP endpoint, exposing credentials in plaintext. Additionally, the `SKILL.md` instructs the agent to `source ~/.zshrc`, which grants broad access to the user's shell environment, a risky capability without clear malicious intent.
能力评估
Purpose & Capability
The index.js script legitimately implements PocketBase calls to authenticate and read system/container records, which matches the 'Beszel (PocketBase) monitoring' description. However, the skill metadata/registry claims no required environment variables while the code requires BESZEL_USER and BESZEL_PASS (and optionally BESZEL_HOST). That mismatch between declared requirements and actual code is inconsistent.
Instruction Scope
SKILL.md instructs running: source ~/.zshrc && ~/clawd/skills/beszel/index.js ... Sourcing a user's shell RC will execute whatever is in that file (possibly running commands or exporting secrets). The instructions do not tell the user to set BESZEL_USER/BESZEL_PASS, so the only way to provide credentials appears implicit via sourced rc — this is risky and opaque.
Install Mechanism
There is no external install/download step and no packages pulled from remote hosts. The skill ships a single Node script that will be executed in-place; that is a low-risk install mechanism compared to remote downloads.
Credentials
The code requires BESZEL_USER and BESZEL_PASS (and supports BESZEL_HOST) but the skill metadata/registry lists no required env vars or primary credential. Requiring user credentials is reasonable for authenticating to PocketBase, but failing to declare them is a mismatch. Also BESZEL_HOST is configurable and could point to external hosts if set — that capability should be declared and the user warned.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and has no special persistence behavior declared.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install beszel-check - 安装完成后,直接呼叫该 Skill 的名称或使用
/beszel-check触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of beszel-check:
- Monitor home lab servers via the Beszel (PocketBase) integration.
- Provides commands to check overall server status and list top containers by CPU usage.
- Command-line usage examples included in documentation.
- USAGE
1- Create a new user on beszel which can only read your server and containers.
2- Export necessary informations BESZEL_HOST, BESZEL_USER, BESZEL_PASSWORD as environment variables.
Example usage on telegram : /beszel all containers
元数据
常见问题
Beszel Check 是什么?
Monitor home lab servers via Beszel (PocketBase). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2436 次。
如何安装 Beszel Check?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install beszel-check」即可一键安装,无需额外配置。
Beszel Check 是免费的吗?
是的,Beszel Check 完全免费(开源免费),可自由下载、安装和使用。
Beszel Check 支持哪些平台?
Beszel Check 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Beszel Check?
由 karakuscem(@karakuscem)开发并维护,当前版本 v1.0.0。
推荐 Skills