← 返回 Skills 市场

Huawei Device Inspector

Name: Huawei Device Inspector
Author: v585

作者聿歆 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

131

总下载

当前安装

版本数

在 OpenClaw 中安装

/install huawei-device-inspector

功能描述

通过SSH自动巡检华为交换机和路由器，执行状态检查、告警和安全风险排查，生成详细健康报告。

使用说明 (SKILL.md)

华为设备巡检技能

技能描述

通过SSH连接华为交换机/路由器，自动执行状态检查、告警查询、安全风险排查，生成巡检报告。

触发关键词

华为巡检
交换机状态
路由器检查
设备巡检
华为设备状态

设备信息

S7703S 核心交换机

管理地址：192.168.255.253
用户名：openclaw
密码：openclaw@2026

AR6280-S 路由器

管理地址：192.168.255.254
用户名：openclaw
密码：openclaw@2026

执行步骤

1. 建立SSH连接

使用pexpect建立交互式SSH连接（华为设备直接SSH会被断开）：

import pexpect

def connect_device(host, username, password):
    child = pexpect.spawn(f'ssh -o StrictHostKeyChecking=no {username}@{host}', timeout=60)
    child.expect(['password:', 'Password:'], timeout=10)
    child.sendline(password)
    child.expect(['>', '#'], timeout=15)
    return child

2. 执行巡检命令

按顺序执行以下命令收集信息：

命令	用途
`display version`	系统版本、运行时间
`display device`	硬件状态
`display cpu-usage`	CPU使用率
`display memory-usage`	内存使用率
`display alarm active`	活动告警
`display temperature all`	温度状态
`display power`	电源状态
`display fan`	风扇状态
`display anti-attack statistics`	攻击防御统计

3. 解析告警信息

重点关注以下告警类型：

告警名称	级别	说明
hwSysSecureRiskWarning	Warning	安全风险警告
hwGtlDefaultValue	Major	License未激活
hwLdtPortLoopDetect	Warning	端口环路检测
linkDown	Critical	接口断开

4. 生成巡检报告

报告包含：

基本信息（型号、版本、运行时间）
硬件状态（板卡、电源、风扇、温度）
资源使用（CPU、内存）
活动告警列表
问题总结和建议

输出格式

## 华为 [型号] 巡检报告

### 基本信息
| 项目 | 状态 |
|------|------|
| 型号 | xxx |
| 系统版本 | xxx |
| 运行时间 | xxx |

### 硬件状态
| 组件 | 状态 |
|------|------|
| 主控板 | Normal |
| 电源 | Normal |
| 风扇 | Normal |
| 温度 | xx°C |

### 资源使用
| 指标 | 当前值 | 状态 |
|------|--------|------|
| CPU | xx% | ✅/⚠️ |
| 内存 | xx% | ✅/⚠️ |

### 活动告警
| 级别 | 告警 | 说明 |
|------|------|------|
| Warning | xxx | xxx |

### 问题总结
1. xxx
2. xxx

适用场景

日常巡检 — 定期检查设备健康状态
故障排查 — 设备异常时快速定位问题
安全审计 — 检查安全风险和攻击防御情况

注意事项

华为设备SSH连接需要使用pexpect，直接SSH会被断开
命令输出可能有分页（---- More ----），需要发送空格继续
告警级别：Critical > Major > Warning
CPU使用率持续>70%需要关注
端口环路告警需要立即处理

依赖

Python3 + pexpect
sshpass（可选，用于简单命令）

安全使用建议

This skill does what it says (connects to Huawei devices over SSH and runs inspection commands), but it includes hard-coded device IPs and plaintext credentials inside SKILL.md. Do NOT run it as-is on your network. Before installing: - Treat the listed IPs/credentials as potentially sensitive and either remove them or confirm they are safe test accounts. - Replace embedded credentials with user-supplied secrets (environment variables, secure prompt, or secret store) and declare them in the skill metadata. - Prefer SSH key authentication and avoid disabling host-key checking. - Review every command the skill will run to ensure it won't reveal or exfiltrate config/state you don't want sent elsewhere. - If you intend to use it in production, run it in a controlled environment and limit network access (sandbox/VPN) until you verify behavior. If you cannot validate the source or intended targets, consider this skill unsafe to run.

功能分析

Type: OpenClaw Skill Name: huawei-device-inspector Version: 1.0.0 The skill bundle contains hardcoded credentials (username and password 'openclaw@2026') for specific internal IP addresses and explicitly instructs the agent to disable SSH host key checking (`StrictHostKeyChecking=no`) in SKILL.md. While these are significant security vulnerabilities that could facilitate man-in-the-middle attacks or unauthorized access if deployed in a production environment, they appear to be functional flaws or poor security practices rather than intentional malware designed to exfiltrate data from the agent's host.

能力评估

ℹ Purpose & Capability

The name/description (Huawei device SSH inspection) aligns with the instructions to SSH and run display commands. However, the SKILL.md embeds concrete device IPs and plaintext credentials instead of asking the user to provide or store credentials securely; that is unexpected for a reusable skill.

⚠ Instruction Scope

The instructions tell the agent to spawn interactive SSH sessions via pexpect and run many device commands (expected). But they also include hard-coded management addresses and passwords, and advise disabling host key checking (-o StrictHostKeyChecking=no). The instructions do not specify how credentials should be supplied, validated, or limited, and they would cause the agent to connect to specific hosts automatically if run as-is.

✓ Install Mechanism

This is an instruction-only skill with no install spec; it lists reasonable runtime dependencies (Python3 + pexpect, optional sshpass). No downloads or archive extracts are present.

⚠ Credentials

requires.env is empty but the SKILL.md contains plaintext usernames and passwords and specific management IPs. The skill requests no declared secrets while expecting access to device credentials — that mismatch is disproportionate and increases risk (hard-coded secrets, unclear secret sourcing).

✓ Persistence & Privilege

The skill is not always-enabled and has no install-time persistence. It does not request system-wide configuration changes or elevated platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install huawei-device-inspector
安装完成后，直接呼叫该 Skill 的名称或使用 /huawei-device-inspector 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: Automates inspection and reporting for Huawei switches and routers. - Connects to Huawei devices via SSH using pexpect to avoid connection drops. - Executes key diagnostic commands to collect status, hardware, resource usage, and alarm information. - Parses and highlights critical alarms, security risks, and abnormal resource usage. - Automatically generates detailed inspection reports in Markdown format. - Designed for routine checks, troubleshooting, and security audits of Huawei network devices. - Requires Python 3 and pexpect library.

元数据

Slug huawei-device-inspector

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题