eddygk

iDRAC

By Eddy · GitHub ↗ · v1.1.0
darwin, linux ⚠ suspicious
Total downloads: 747
Favorites: 0
Current installs: 1
Versions: 2
Install in OpenClaw
/install idrac
Description
Monitor and manage Dell PowerEdge servers via iDRAC Redfish API (iDRAC 8/9). Use when asked to: - Check server hardware status, health, or temperatures - Que...
Usage (SKILL.md)

iDRAC Skill

Monitor and manage Dell PowerEdge servers via iDRAC Redfish API.

First-Time Setup

Create a config file at ~/.config/idrac-skill/config:

mkdir -p ~/.config/idrac-skill
cat > ~/.config/idrac-skill/config <<'EOF'
# iDRAC connection settings
IDRAC_IP="<your-idrac-ip>"

# Credential source: "1password" | "file" | "env"
CREDS_SOURCE="file"

# For CREDS_SOURCE="1password":
#   OP_ITEM="<1password-item-name>"
#
# For CREDS_SOURCE="file":
#   Create ~/.idrac-credentials with contents: username:password
#   chmod 600 ~/.idrac-credentials
#
# For CREDS_SOURCE="env":
#   Export IDRAC_USER and IDRAC_PASS
EOF

Authentication

The helper script supports three credential sources:

| Source | Config | How It Works |
|---|---|---|
| 1password | OP_ITEM="item-name" | Pulls username:password via op CLI, caches to ~/.idrac-credentials |
| file | (default) | Reads ~/.idrac-credentials (format: user:pass, mode 600) |
| env | | Uses $IDRAC_USER and $IDRAC_PASS environment variables |

Helper Script

Location: scripts/idrac.sh (relative to this skill directory)

idrac.sh test            # Test connectivity and authentication
idrac.sh status          # System summary (model, power, CPU, memory)
idrac.sh health          # Health checks (temps, fans, power)
idrac.sh power           # Current power state
idrac.sh inventory       # Full hardware inventory
idrac.sh logs            # Recent system event log entries (last 10)
idrac.sh thermal         # Detailed temperature and fan status
idrac.sh storage         # RAID/disk status
idrac.sh reset-types     # Available power reset types

Workflow

  1. Load config from ~/.config/idrac-skill/config
  2. Hydrate credentials (JIT pattern) if needed
  3. Determine operation type:
    • Read-only (status, health, logs, inventory) → Execute directly
    • Destructive (power off, restart, BIOS changes) → Confirm with user first
  4. Query Redfish API via curl + Basic Auth (or session token for batch ops)
  5. Parse JSON with jq
  6. Surface findings to user in natural language
  7. Never expose credentials in responses

Endpoint Reference

For raw Redfish API endpoints (system info, thermal, storage, network, logs, power ops, BIOS, firmware, session auth, Dell OEM attributes):

→ See references/endpoints.md

Security Notes

  • Never log or display credentials — use --silent and pipe to jq
  • Credential file must be mode 600 (chmod 600 ~/.idrac-credentials)
  • TLS verification disabled (-k) — iDRAC uses self-signed certs (acceptable for private networks)
  • Power operations are destructive — confirm with user before executing shutdown/restart

Compatibility

Works with Dell iDRAC 8 (Redfish 1.0–1.4) and iDRAC 9 (Redfish 1.6+). Covers PowerEdge 13th gen (R630/R730) through current gen. See endpoints reference for version-specific notes.

Note: iDRAC 8 API responses can take 5–10s per call. The test command makes 4 sequential calls (~30–40s total). Set exec timeouts accordingly. iDRAC 9 is significantly faster.

Security usage recommendations
This skill appears to be what it claims, but consider these practical cautions before installing/using it:

  • Ensure IDRAC_IP in ~/.config/idrac-skill/config is the intended internal iDRAC host(s); the script will send your credentials to whatever host is configured. Do not point it at unknown or internet-facing hosts.
  • The helper caches credentials to ~/.idrac-credentials (mode 600). That mitigates but does not eliminate risk — avoid including that file in backups or shared repos. If you prefer no file cache, use CREDS_SOURCE=env and set IDRAC_USER/IDRAC_PASS in a controlled session.
  • TLS verification is disabled (curl -k) because many iDRACs use self-signed certs. If you can supply valid certs or enable verification for your environment, that is more secure.
  • Optional 1Password integration requires the op CLI; when used, the script extracts and writes creds to the same local cache file. Review that behavior if you rely on JIT secrets management.
  • Verify curl and jq are from trusted system packages and inspect scripts locally before running. The skill is script-based and will only act on the configured host, but a misconfiguration can lead to credential exposure.

Overall, the skill is coherent with its stated purpose; follow the above operational precautions for secure use.
Functional analysis
Type: OpenClaw Skill · Name: idrac · Version: 1.1.0

The skill is designed to manage iDRAC, but it exhibits significant vulnerabilities. The `scripts/idrac.sh` file sources a user-created configuration file (`~/.config/idrac-skill/config`), which introduces a Remote Code Execution (RCE) vulnerability if an attacker can modify this file. Additionally, the script uses `curl -k` to disable TLS verification for iDRAC connections, making them susceptible to Man-in-the-Middle attacks, although this is explicitly documented in `SKILL.md` as a trade-off for self-signed certificates. While these are critical security flaws, there is no evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or installation of backdoors.
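
An added example (not code from the skill or its author): one way for a helper script to read ~/.config/idrac-skill/config as data rather than sourcing it, so that a modified file cannot run commands. The function name load_idrac_config, the allowed value characters and the sample address 192.0.2.10 are assumptions made for this illustration.

```shell
# Added example: read the skill's config as data instead of sourcing it.
# Only the three keys shown on this page are accepted; nothing is eval'd.

load_idrac_config() {
    cfg=$1
    IDRAC_IP='' CREDS_SOURCE='file' OP_ITEM=''
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; return 1; }
    # Refuse a config that group or others can write (ls mode chars 6 and 9).
    case $(ls -ld "$cfg") in
        ?????w*|????????w*) echo "config is group/world-writable" >&2; return 1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blank line or comment
        key=${line%%=*}
        val=${line#*=}
        # Strip one pair of surrounding double quotes, if present.
        case $val in \"*\") val=${val#\"}; val=${val%\"} ;; esac
        # Assumption: hosts, keywords and item names need only these characters.
        case $val in
            *[!A-Za-z0-9._:-]*) echo "rejected value for $key" >&2; return 1 ;;
        esac
        case $key in
            IDRAC_IP) IDRAC_IP=$val ;;
            OP_ITEM)  OP_ITEM=$val ;;
            CREDS_SOURCE)
                case $val in
                    1password|file|env) CREDS_SOURCE=$val ;;
                    *) echo "unknown CREDS_SOURCE" >&2; return 1 ;;
                esac ;;
            *) echo "unknown key: $key" >&2; return 1 ;;
        esac
    done < "$cfg"
    [ -n "$IDRAC_IP" ] || { echo "IDRAC_IP not set" >&2; return 1; }
}

# Constructed sample: a valid config, then one carrying a command substitution.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# iDRAC connection settings' 'IDRAC_IP="192.0.2.10"' \
        'CREDS_SOURCE="env"' > "$d/good"
    printf '%s\n' 'IDRAC_IP="$(touch '"$d"'/pwned)"' > "$d/bad"
    chmod 600 "$d/good" "$d/bad"
    load_idrac_config "$d/good" && echo "good: $IDRAC_IP via $CREDS_SOURCE"
    load_idrac_config "$d/bad" 2>/dev/null || echo "bad: rejected"
    [ -e "$d/pwned" ] && echo "code ran" || echo "no code ran"
    rm -rf "$d"
}
demo
```

The permission check complements the chmod 600 guidance given for ~/.idrac-credentials: a config that other accounts can write is refused before any line is read.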
Capability assessment
Purpose & Capability
Name/description, required binaries (curl, jq), the helper script, and the endpoints reference all align with a Redfish/iDRAC management skill. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
Runtime instructions are narrowly scoped to reading ~/.config/idrac-skill/config, hydrating credentials (file/env/1Password), and calling the configured IDRAC_IP over HTTPS. Caveats: the skill will connect to whatever IDRAC_IP the user places in config (so a misconfigured value could send credentials off-network), and the script deliberately disables TLS verification (-k) to accommodate self-signed iDRAC certs — this is noted in SKILL.md but is a security trade-off.
Install Mechanism
No install spec; the skill is instruction/script-only and won't download or install third-party packages. This is the lowest-risk model for install behavior.
Credentials
The skill does not require global secrets. It reads/writes a local credential cache (~/.idrac-credentials) and may read IDRAC_USER/IDRAC_PASS when configured for env mode. Optional 1Password integration uses the op CLI. Writing credentials to a local file is needed for curl -u usage but should be considered when sharing/backing up the home directory.
Persistence & Privilege
always is false and the skill is user-invocable. It writes only its own config and credential cache in the user's home (~/.config/idrac-skill/config and ~/.idrac-credentials) and does not modify other skills or system-wide settings.
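How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install idrac
  3. Once installation completes, call the Skill by name or trigger it with /idrac
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history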
v1.1.0
Add metadata.openclaw (requires curl/jq, os filter). Declare credential file writes and network behavior in description. Improve dependency transparency for security scanners.
v1.0.0
Initial release
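Metadata
Slug idrac
Version 1.1.0
License
Total installs 1
Current installs 1
Historical versions 2
FAQ

What is iDRAC?

Monitor and manage Dell PowerEdge servers via iDRAC Redfish API (iDRAC 8/9). Use when asked to: - Check server hardware status, health, or temperatures - Que... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 747 total downloads so far.

How do I install iDRAC?

Run the command "/install idrac" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is iDRAC free?

Yes, iDRAC is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does iDRAC support?

iDRAC runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux).

Who developed iDRAC?

It is developed and maintained by Eddy (@eddygk); the current version is v1.1.0.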
