← 返回 Skills 市场
HostLink
作者
jebadiahgreenwood
· GitHub ↗
· v0.1.0
· MIT-0
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hostlink
功能描述
Execute commands on the host machine from inside the OpenClaw container via the HostLink daemon. Provides secure, authenticated remote shell execution over a...
使用说明 (SKILL.md)
HostLink Skill
Execute commands on the host machine from inside this container.
Quick Reference
# Execute a command on the host
hostlink exec "ls /home/jebadiah"
# Ping the daemon (connection test)
hostlink ping
# With explicit socket/token (if env vars not set)
hostlink -s /run/hostlink/hostlink.sock -k $HOSTLINK_TOKEN exec "echo hello"
# Set working directory
hostlink -w /home/jebadiah exec "pwd"
# Set environment variables
hostlink -e MY_VAR=value exec "echo $MY_VAR"
# With timeout (ms)
hostlink -T 60000 exec "long-running-command"
# JSON output (machine-readable)
hostlink -j exec "ls -la" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['stdout'])"
# List configured targets
hostlink targets
Environment Variables
Set these so you don't need to pass flags every time:
| Variable | Purpose | Default |
|---|---|---|
HOSTLINK_SOCKET |
Unix socket path | /run/hostlink/hostlink.sock |
HOSTLINK_TOKEN |
Auth token | (required) |
HOSTLINK_TARGET |
Target node name | (optional) |
Best place to set these: workspace/.env or openclaw.json env.vars section.
Connection Status
Check if hostlinkd is reachable:
hostlink ping
# Expected: [hostname] pong - uptime Xs
# If error: daemon not running or socket not mounted
Common Use Cases
Access host filesystem
hostlink exec "ls /home/jebadiah/projects"
hostlink exec "cat /etc/hostname"
Run host-side GPU/ML tools
hostlink exec "nvidia-smi"
hostlink exec "ollama list"
hostlink exec "ls ~/.cache/huggingface/hub"
Access the Qwen3 merge project
hostlink exec "ls /path/to/qwen3-merge"
hostlink exec "cat /path/to/qwen3-merge/README.md"
Docker management on host
hostlink exec "docker ps"
hostlink exec "docker stats --no-stream"
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Remote command failed (check exit_code in JSON output) |
| 2 | Connection failed (daemon unreachable) |
| 3 | Authentication failed (wrong token) |
| 5 | Timeout |
| 7 | Client error (bad args, missing targets file) |
Troubleshooting
"Connection failed" / exit 2:
- hostlinkd not running on host:
sudo systemctl start hostlinkd - Socket not mounted: check docker-compose volume mount
- Wrong socket path: check
HOSTLINK_SOCKETenv var
"Authentication failed" / exit 3:
- Wrong
HOSTLINK_TOKEN— must match auth_token in/etc/hostlink/hostlink.conf
"server busy" error:
- Host is at max_concurrent limit — retry shortly
Architecture
Container (you are here) Host machine
┌─────────────────────┐ ┌──────────────────────────┐
│ hostlink (client) │◄────────►│ hostlinkd (daemon) │
│ workspace/bin/ │ Unix │ /etc/hostlink/ │
│ │ socket │ auth_token = \x3Csecret> │
└─────────────────────┘ │ shell = /bin/bash │
└──────────────────────────┘
See references/setup.md for installation and docker-compose configuration.
安全使用建议
This skill legitimately provides host command execution — which is powerful and risky. Before installing or enabling it:
- Treat HOSTLINK_TOKEN as a high-value secret. Do NOT store it in global config files unless you understand the risk; prefer ephemeral or workspace-scoped secrets and avoid committing it to disk or git.
- The registry metadata is inconsistent: it does not declare the required HOSTLINK_TOKEN or config path it expects. Ask the publisher to correct metadata or do not trust automatic installation.
- Vet the hostlinkd repository/binary (https://github.com/jebadiahgreenwood/hostlink) before installing on your host; build from source if you must, and review the code for privilege escalation/backdoors.
- Run hostlinkd as a least-privileged user where possible; do not run it as root unless you accept the risk.
- Limit socket access (unix_mode, group membership) and avoid enabling TCP unless protected by WireGuard and strict network controls.
- If you enable this skill for an agent, restrict autonomous invocation or remove the token from global agent configs; consider requiring explicit human confirmation for any host-executed command.
- Rotate the auth token after any change, and monitor hostlinkd logs for unexpected commands.
Given the metadata/instruction mismatch and the ability to run arbitrary host commands, proceed only if you fully trust the daemon, the repo, and the people who will control the agent.
功能分析
Type: OpenClaw Skill
Name: hostlink
Version: 0.1.0
The 'hostlink' skill provides a mechanism for the AI agent to execute arbitrary shell commands on the host machine from within the container, effectively bypassing container isolation. While the documentation (SKILL.md and references/setup.md) presents this as a utility for host-side tool management (e.g., Docker, GPUs), it grants the agent full RCE capabilities on the host, often with root privileges. This is an inherently high-risk capability that could be abused for host compromise, although no specific evidence of malicious exfiltration or hidden backdoors was found in the provided files.
能力评估
Purpose & Capability
The name/description match the runtime instructions: this skill is explicitly for executing commands on the host via a hostlink daemon. Asking for access to the host socket and the ability to run host commands is coherent with that purpose.
Instruction Scope
The SKILL.md instructs use of a required secret (HOSTLINK_TOKEN) and host socket paths and tells the user to add that token to openclaw.json or workspace/.env. The registry metadata declares no required env vars or config paths, so the instructions access secrets/configuration that the skill metadata does not advertise. The instructions also enable arbitrary host command execution (including reading /etc, GPU tooling, Docker, etc.), which is expected but high-impact.
Install Mechanism
This is an instruction-only skill (no install spec) so it won’t write code into the container. The setup guide points to a GitHub repo and building/installing host binaries on the host — normal for a host-side daemon, but you should vet the upstream repository and binary before installing on your host.
Credentials
Although SKILL.md requires an auth token (HOSTLINK_TOKEN) and suggests placing it in openclaw.json or workspace/.env, the registry metadata lists no required env vars and no required config paths. Requesting a persistent secret (potentially stored in ~/.openclaw/openclaw.json) without declaring it is disproportionate and a metadata mismatch. Storing the token in a global agent config grants ongoing host-execution capability to the agent if invoked.
Persistence & Privilege
always:false (good), but the skill is user-invocable and the platform allows autonomous invocation. If the HOSTLINK_TOKEN is placed in agent configuration (as the guide suggests), the agent would have persistent credentials enabling arbitrary host command execution. That combination (autonomous invocation + undisclosed persistent secret) materially increases risk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hostlink - 安装完成后,直接呼叫该 Skill 的名称或使用
/hostlink触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release. Secure host command execution from OpenClaw container via Unix socket or TCP/WireGuard. 58/58 integration tests passing.
元数据
常见问题
HostLink 是什么?
Execute commands on the host machine from inside the OpenClaw container via the HostLink daemon. Provides secure, authenticated remote shell execution over a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 HostLink?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hostlink」即可一键安装,无需额外配置。
HostLink 是免费的吗?
是的,HostLink 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
HostLink 支持哪些平台?
HostLink 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 HostLink?
由 jebadiahgreenwood(@jebadiahgreenwood)开发并维护,当前版本 v0.1.0。
推荐 Skills