← 返回 Skills 市场
Hostinger VPS MCP Tools
作者
maverick-software
· GitHub ↗
· v1.0.0
420
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hostinger-vps-mcp-tools
功能描述
Set up Hostinger VPS servers as AI virtual employees with GUI and Koda (OpenClaw). Use when deploying new VPS instances, setting up remote desktops, installi...
使用说明 (SKILL.md)
Hostinger VPS Deploy
Deploy Koda (OpenClaw) on Hostinger VPS servers with GUI access for AI virtual employees.
Overview
This skill automates:
- API-driven provisioning — Deploy VPS instances via Hostinger API MCP tools
- Server hardening — SSH keys, firewall, fail2ban
- GUI installation — XFCE desktop + VNC/XRDP for remote access
- Docker setup — Container runtime for Koda
- Koda deployment — AI assistant with webchat interface
- Identity config — Unique name/persona for each virtual employee
Hostinger API Integration (MCP)
Dashboard Tab
OpenClaw has a built-in Hostinger tab in the Control dashboard (Integrations group).
From the tab you can:
- Enter your Hostinger API token (stored securely in vault)
- Set your GitHub repo URL (OpenClaw fork to install on new VPS instances)
- View all available MCP tools grouped by category
- Reference the Key VPS Tools quick guide
Getting Your API Token
- Log into hPanel
- Go to API Tokens → Create new token
- Copy the token and paste it in the OpenClaw Hostinger tab
MCP Server
The hostinger-api-mcp npm package is Hostinger's official MCP server.
- Install:
npm install -g hostinger-api-mcp(already installed) - Auth: Bearer token via
API_TOKENenv var - Transport: stdio (default) or HTTP streaming
Important: The API token is stored in ~/.openclaw/secrets.json (the vault), not in plaintext in mcporter config. A SecretRef points to the vault key HOSTINGER_API_TOKEN.
Key API Endpoints
| Tool | Method | Path |
|---|---|---|
vps_getVirtualMachineListV1 |
GET | /api/vps/v1/virtual-machines |
vps_createVirtualMachineV1 |
POST | /api/vps/v1/virtual-machines |
vps_getDataCenterListV1 |
GET | /api/vps/v1/data-centers |
vps_getOsListV1 |
GET | /api/vps/v1/os |
vps_startVirtualMachineV1 |
POST | /api/vps/v1/virtual-machines/{id}/start |
vps_stopVirtualMachineV1 |
POST | /api/vps/v1/virtual-machines/{id}/stop |
vps_restartVirtualMachineV1 |
POST | /api/vps/v1/virtual-machines/{id}/restart |
vps_resetPasswordV1 |
POST | /api/vps/v1/virtual-machines/{id}/reset-password |
vps_getMetricsV1 |
GET | /api/vps/v1/virtual-machines/{id}/metrics |
billing_getCatalogItemListV1 |
GET | /api/billing/v1/catalog |
billing_getPaymentMethodListV1 |
GET | /api/billing/v1/payment-methods |
Using Tools via mcporter
# List all VPS instances
mcporter call hostinger-api.vps_getVirtualMachineListV1
# View available VPS plans (prices in cents)
mcporter call hostinger-api.billing_getCatalogItemListV1 category=VPS
# List data centers
mcporter call hostinger-api.vps_getDataCenterListV1
# List OS options
mcporter call hostinger-api.vps_getOsListV1
# Deploy a new VPS (requires plan item ID, OS ID, datacenter ID)
mcporter call hostinger-api.vps_createVirtualMachineV1 ...
API Documentation Links
| Resource | URL |
|---|---|
| API Reference | https://developers.hostinger.com/ |
| Overview | https://developers.hostinger.com/#description/overview |
| Authentication | https://developers.hostinger.com/#description/authentication |
| SDKs & Tools | https://developers.hostinger.com/#description/sdks--tools |
| Official MCP Server (GitHub) | https://github.com/hostinger/api-mcp-server |
| Postman Collection | https://app.getpostman.com/run-collection/36145449-4a733c4f-6704-49f6-832a-0ccd28c37021 |
| hPanel API Tokens | https://hpanel.hostinger.com/api-tokens |
VPS Deployment Workflow
Step 1: Get a VPS
# 1. Check available plans
mcporter call hostinger-api.billing_getCatalogItemListV1 category=VPS
# 2. Pick a data center
mcporter call hostinger-api.vps_getDataCenterListV1
# 3. Pick an OS (Ubuntu 24.04 recommended)
mcporter call hostinger-api.vps_getOsListV1
# 4. Deploy
mcporter call hostinger-api.vps_createVirtualMachineV1 \
--args '{"plan":"...", "datacenter_id": "...", "os_id": "..."}'
Step 2: Set Up the Server
Once the VPS is running (get IP from vps_getVirtualMachineListV1):
# One-command full deploy
scripts/deploy-all.sh SERVER_IP "Agent Name" [KODA_PORT] [SSH_PORT]
# Examples:
scripts/deploy-all.sh 1.2.3.4 "Alex"
scripts/deploy-all.sh 1.2.3.4 "Alex" 9443 2222
Step 3: Install OpenClaw Fork
If a GitHub repo is configured (via the Hostinger tab), Koda will:
- SSH into the new VPS
- Clone the configured repo (e.g.,
https://github.com/your-org/openclaw) - Run the install script
Manual Step-by-Step Scripts
# 1. Initial server setup (with custom ports)
ssh root@SERVER_IP 'bash -s 9443 2222' \x3C scripts/01-server-setup.sh
# 2. Install GUI + remote desktop
ssh -p 2222 root@SERVER_IP 'bash -s' \x3C scripts/02-install-gui.sh
# 3. Install Docker
ssh -p 2222 root@SERVER_IP 'bash -s' \x3C scripts/03-install-docker.sh
# 4. Deploy Koda (with custom port)
ssh -p 2222 root@SERVER_IP 'bash -s 9443' \x3C scripts/04-deploy-koda.sh
# 5. Configure identity
ssh -p 2222 root@SERVER_IP 'bash -s' \x3C scripts/05-configure-identity.sh "Agent Name"
Scripts
| Script | Purpose |
|---|---|
01-server-setup.sh |
Updates, firewall, fail2ban, create user |
02-install-gui.sh |
XFCE desktop + XRDP (Windows Remote Desktop) |
03-install-docker.sh |
Docker + Docker Compose |
04-deploy-koda.sh |
Pull/build Koda, start container |
05-configure-identity.sh |
Set agent name, create workspace |
deploy-all.sh |
Run all scripts in sequence |
Connecting to Your VPS
After deployment:
- Remote Desktop (RDP): Connect with Windows Remote Desktop or Remmina to
SERVER_IP:3389 - VNC: Connect to
SERVER_IP:5901(if VNC installed) - Webchat: Open
http://SERVER_IP:18789in browser - SSH:
ssh koda@SERVER_IP
Default credentials (change after first login):
- Username:
koda - Password: Set during deployment
Firewall Ports
| Port | Service | Customizable |
|---|---|---|
| 22 (default) | SSH | ✅ Set via SSH_PORT |
| 3389 | XRDP (Remote Desktop) | ❌ |
| 18789 (default) | Koda webchat | ✅ Set via KODA_PORT |
Security
Vault Storage
The Hostinger API token is stored in ~/.openclaw/secrets.json under the key HOSTINGER_API_TOKEN. It is never stored in plaintext in mcporter.json — only a SecretRef pointer is stored there.
Post-Deployment Hardening
# Tailscale (zero-trust VPN — recommended)
ssh root@SERVER_IP 'bash -s' \x3C scripts/security/setup-tailscale.sh
ssh root@SERVER_IP 'bash -s' \x3C scripts/security/lockdown-public.sh
# Or: Cloudflare Tunnel for HTTPS
ssh root@SERVER_IP 'bash -s' \x3C scripts/security/setup-cloudflare-tunnel.sh
| Script | Purpose |
|---|---|
security/setup-ssh-keys.sh |
SSH key-only auth |
security/setup-tailscale.sh |
Zero-trust VPN mesh |
security/setup-cloudflare-tunnel.sh |
HTTPS via Cloudflare |
security/setup-wireguard.sh |
Self-hosted VPN |
security/setup-https.sh |
Let's Encrypt SSL + Nginx |
security/harden-server.sh |
Kernel hardening, auto-updates |
security/lockdown-public.sh |
Remove all public port access |
Reference Files
| File | Purpose |
|---|---|
references/hostinger-backend.ts |
Gateway RPC handlers for Hostinger API |
references/hostinger-views.ts |
UI tab rendering (Lit) |
references/hostinger-controller.ts |
UI state management |
references/hostinger-notes.md |
hPanel navigation notes |
references/identity-setup.md |
Per-agent identity configuration |
references/security-options.md |
Security comparison guide |
VPS Plans
Recommended for Koda/OpenClaw:
- KVM 2 (2 GB RAM) — Minimum for headless Koda
- KVM 4 (4 GB RAM) — Recommended for GUI + Koda
- KVM 8 (8 GB RAM) — Comfortable for heavy workloads
OS: Ubuntu 22.04 or 24.04 LTS
Troubleshooting
Can't connect via RDP?
- Ensure port 3389 is open:
sudo ufw status - Check XRDP status:
sudo systemctl status xrdp
Koda not starting?
- Check Docker:
docker ps - View logs:
docker logs koda
GUI slow?
- XFCE is lightweight but VPS needs 2GB+ RAM
- Consider headless mode if GUI not needed
MCP tools not loading?
- Verify token is saved: check
~/.openclaw/secrets.jsonforHOSTINGER_API_TOKEN - Run:
API_TOKEN=your-token mcporter list hostinger-api
安全使用建议
Before using this skill, be aware it will perform many root‑level changes on a VPS and add persistent configuration/credentials to your agent environment. Recommendations:
- Inspect every script (deploy-all.sh and all scripts it calls) locally before running and remove or modify steps you don’t want (e.g., the NOPASSWD sudo line).
- Treat the initial runs as happening on a disposable/test VPS. Don’t run on production machines until you’re comfortable.
- Consider removing or changing the sudo NOPASSWD for the 'koda' user and avoid exposing XRDP (port 3389) publicly. Prefer VPN/tunnel (Tailscale/WireGuard/Cloudflare Tunnel) and then run lockdown steps.
- Audit any curl | sh installers (get.docker.com, tailscale install script) or replace them with package manager installs you control.
- Note the skill will ask you to provide a Hostinger API token via the UI and will store it in ~/.openclaw/secrets.json; if you have other mcporter integrations, be aware the skill will create/edit mcporter config entries which could affect them.
- If you want stronger safety: run scripts line-by-line manually over an SSH session rather than running deploy-all.sh, and avoid installing optional third‑party MCP integrations (Zapier/Pipedream) unless needed.
If you want me to, I can walk through the most sensitive lines and suggest safe edits (e.g., remove NOPASSWD, avoid exposing XRDP, replace curl|sh installs, or run Docker without adding the user to the docker group).
功能分析
Type: OpenClaw Skill
Name: hostinger-vps-mcp-tools
Version: 1.0.0
The skill bundle is classified as 'suspicious' due to several high-risk vulnerabilities, despite lacking clear evidence of intentional malicious behavior. Key indicators include: 1) Significant privilege escalation risk in `scripts/01-server-setup.sh` and `scripts/03-install-docker.sh` by granting the 'koda' user passwordless sudo and Docker group access, effectively giving a compromised agent root access. 2) Supply chain risks in `scripts/03-install-docker.sh` and `scripts/security/setup-tailscale.sh` by directly executing remote scripts via `curl | sh`, which bypasses package manager integrity checks. While these actions are part of the stated purpose of automating server setup, they introduce critical security flaws that could be exploited if the agent or remote sources are compromised. The agent's internal instructions (`SOUL.md`, `AGENTS.md`) explicitly advise against data exfiltration and destructive commands, indicating a lack of malicious intent from the skill developer.
能力评估
Purpose & Capability
The name/description match the included scripts and UI code: the package provisions Hostinger VPS via mcporter/Hostinger MCP and configures a GUI, Docker, Koda (OpenClaw) containers, VPN/tunnels, and identity files. That's coherent with the stated purpose. Minor mismatch: the skill declares no required environment variables in metadata, yet the runtime depends on a Hostinger API token (entered via the UI and stored in the vault).
Instruction Scope
SKILL.md and the scripts instruct the agent/user to perform many privileged operations on a target VPS as root: create a 'koda' user with NOPASSWD sudo, change SSH port, enable XRDP and open RDP port, install Docker and build containers, add SSH keys and disable password auth, and modify system networking/firewall. The instructions also write and read vault and mcporter config files under the agent/home directory. These actions are expected for a full VPS deploy, but they are high‑impact and not narrowly scoped — e.g., passwordless sudo and an RDP server exposed by default increase attack surface and deserve explicit user warning and opt-in.
Install Mechanism
There is no central 'install' spec for the skill, but the scripts perform remote installs on the VPS using apt and a number of network installs (curl | sh for Docker and Tailscale, downloading cloudflared .deb from GitHub releases). Curl‑pipe‑to‑sh and remote package installs are common for one‑shot provisioning but carry supply‑chain risk and should be audited by the user before running on production systems.
Credentials
Although metadata lists no required env vars, the skill absolutely expects a Hostinger API token to be entered in the UI and persisted to ~/.openclaw/secrets.json. The backend code also reads/writes various config paths (mcporter configs in several candidate locations and the secrets vault) and will modify mcporter configuration (mcpServers). That is reasonable for an integration but is still broad: it writes tokens and alters a shared mcporter config which may affect other integrations. The skill also offers optional integration with third‑party MCPs (Zapier/Pipedream) that would require user-supplied endpoints/keys.
Persistence & Privilege
The skill modifies local agent files (writes secrets.json vault entries and mcporter config under the user's home workspace). While adding its own config is expected for integrations, it does edit a shared mcporter config (potentially impacting other MCP entries) and writes persistent credentials into the agent vault. The skill is not marked always:true, and it does not autonomously escalate that flag, but persistent access to the vault and to mcporter configuration increases the blast radius if misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hostinger-vps-mcp-tools - 安装完成后,直接呼叫该 Skill 的名称或使用
/hostinger-vps-mcp-tools触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Hostinger VPS MCP Tools skill for setting up AI agent workstations.
- Automates deployment and configuration of Hostinger VPS servers as AI assistant workstations with GUI, Docker, and OpenClaw support.
- Integrates with Hostinger API MCP tools for provisioning, OS selection, server hardening, and remote access setup.
- Includes step-by-step scripts for full server setup, GUI installation (XFCE + XRDP), Docker install, and OpenClaw deployment.
- Provides a dedicated UI tab for managing API tokens, viewing tools, and initiating deployments.
- Emphasizes secure token storage and post-deployment hardening options (e.g., VPN, SSH keys, firewall).
- Features clear documentation for both automated and manual deployment workflows.
元数据
常见问题
Hostinger VPS MCP Tools 是什么?
Set up Hostinger VPS servers as AI virtual employees with GUI and Koda (OpenClaw). Use when deploying new VPS instances, setting up remote desktops, installi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 420 次。
如何安装 Hostinger VPS MCP Tools?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hostinger-vps-mcp-tools」即可一键安装,无需额外配置。
Hostinger VPS MCP Tools 是免费的吗?
是的,Hostinger VPS MCP Tools 完全免费(开源免费),可自由下载、安装和使用。
Hostinger VPS MCP Tools 支持哪些平台?
Hostinger VPS MCP Tools 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Hostinger VPS MCP Tools?
由 maverick-software(@maverick-software)开发并维护,当前版本 v1.0.0。
推荐 Skills