功能描述

Manage Komodo infrastructure - servers, Docker deployments, stacks, builds, and procedures. Use when user asks about server status, container management, deployments, builds, or any Komodo-related infrastructure tasks.

使用说明 (SKILL.md)

Komodo Skill

Name: Komodo
Author: weird-aftertaste

Manage servers, Docker containers, stacks, builds, and procedures via Komodo Core API.

Prerequisites

Set environment variables:

KOMODO_ADDRESS - Komodo Core URL (e.g., https://komodo.example.com)
KOMODO_API_KEY - API key (starts with K-)
KOMODO_API_SECRET - API secret (starts with S-)

Quick Reference

# Set env (or source from credentials file)
export KOMODO_ADDRESS="https://komodo.weird.cyou"
export KOMODO_API_KEY="K-..."
export KOMODO_API_SECRET="S-..."

# List resources
python scripts/komodo.py servers
python scripts/komodo.py deployments
python scripts/komodo.py stacks
python scripts/komodo.py builds
python scripts/komodo.py procedures
python scripts/komodo.py repos

# Server operations
python scripts/komodo.py server \x3Cname>
python scripts/komodo.py server-stats \x3Cname>

# Deployment operations
python scripts/komodo.py deployment \x3Cname>
python scripts/komodo.py deploy \x3Cname>
python scripts/komodo.py start \x3Cname>
python scripts/komodo.py stop \x3Cname>
python scripts/komodo.py restart \x3Cname>
python scripts/komodo.py logs \x3Cname> [lines]

# Stack operations
python scripts/komodo.py stack \x3Cname>
python scripts/komodo.py deploy-stack \x3Cname>
python scripts/komodo.py start-stack \x3Cname>
python scripts/komodo.py stop-stack \x3Cname>
python scripts/komodo.py restart-stack \x3Cname>
python scripts/komodo.py create-stack \x3Cname> \x3Cserver> \x3Ccompose.yml> [env_file]
python scripts/komodo.py delete-stack \x3Cname>
python scripts/komodo.py stack-logs \x3Cname> [service]

# Build operations
python scripts/komodo.py build \x3Cname>
python scripts/komodo.py run-build \x3Cname>

# Procedure operations
python scripts/komodo.py procedure \x3Cname>
python scripts/komodo.py run-procedure \x3Cname>

State Indicators

🟢 Running/Ok
🔴 Stopped
⚪ NotDeployed
🟡 Unhealthy
🔄 Restarting
🔨 Building
⏳ Pending

Direct API Calls

For operations not covered by the CLI, use curl:

# Read operation
curl -X POST "$KOMODO_ADDRESS/read/ListServers" \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: $KOMODO_API_KEY" \
  -H "X-Api-Secret: $KOMODO_API_SECRET" \
  -d '{}'

# Execute operation
curl -X POST "$KOMODO_ADDRESS/execute/Deploy" \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: $KOMODO_API_KEY" \
  -H "X-Api-Secret: $KOMODO_API_SECRET" \
  -d '{"deployment": "my-deployment"}'

API Reference

Read endpoints: ListServers, ListDeployments, ListStacks, ListBuilds, ListProcedures, ListRepos, GetSystemStats, GetLog

Execute endpoints: Deploy, StartDeployment, StopDeployment, RestartDeployment, DeployStack, StartStack, StopStack, RestartStack, RunBuild, RunProcedure

Full API docs: https://komo.do/docs

安全使用建议

This tool appears to be a straightforward Komodo CLI, but there are a few red flags to consider before installing or using it: - Metadata mismatch: The registry metadata omits required env vars, while SKILL.md and the script require KOMODO_ADDRESS, KOMODO_API_KEY, and KOMODO_API_SECRET. Treat that as a sign to verify the publisher before supplying credentials. - Verify the endpoint: Confirm the KOMODO_ADDRESS is the legitimate Komodo Core instance you intend to talk to. The example domains in SKILL.md look unusual; do not use them. - Limit credentials: Use a least-privilege API key/secret and a dedicated service account for this skill. Do not run it with superuser or unrestricted credentials. - Be careful with file uploads: create-stack and similar commands will likely read and POST local compose.yml and env files — those can contain secrets. Don’t upload sensitive local files unless you trust the target server. - Inspect the full script: Although the visible code only makes HTTPS API calls, you should review the remaining (truncated) parts of scripts/komodo.py yourself to ensure there are no hidden endpoints or opportunistic exfiltration. If you cannot verify the source, run it in an isolated environment (container) and monitor outbound network traffic first. - Ask for provenance: Prefer skills with a verifiable source/homepage and maintainer details. If you need this functionality in production, request that the publisher update the registry metadata to declare required env vars and provide a trustworthy source/README. If you want, I can (a) scan the remainder of scripts/komodo.py for suspicious patterns, (b) show the exact lines that read/upload files, or (c) help craft a minimal, safer invocation policy for credentials.

功能分析

Type: OpenClaw Skill Name: komodo Version: 1.0.0 The skill is a client for managing Komodo infrastructure, interacting with a Komodo Core API. It securely handles API keys and secrets via environment variables and uses standard Python libraries for network communication. The `SKILL.md` provides clear instructions without any prompt injection attempts, and the `komodo.py` script's file access for `compose_file` and `env_file` is aligned with its stated purpose of creating infrastructure stacks. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation.

能力评估

⚠ Purpose & Capability

The skill's name and description match the script's behavior (it calls Komodo Core read/execute endpoints). However the registry metadata claims no required environment variables or primary credential, while SKILL.md and scripts clearly require KOMODO_ADDRESS, KOMODO_API_KEY, and KOMODO_API_SECRET. That mismatch is an incoherence and reduces trust.

ℹ Instruction Scope

SKILL.md and the CLI limit actions to Komodo API endpoints and provide curl examples that use the declared KOMODO_ADDRESS and API credentials. This is in-scope. Important: create-stack (and the SKILL.md usage) implies reading a local compose file and optionally an env_file and sending them to the Komodo API — which may transmit local file contents (possibly secrets) to the remote service. The examples include an odd example domain (komodo.weird.cyou) and a docs link (komo.do) that should be verified.

✓ Install Mechanism

No install spec and no external downloads; the skill is delivered as a script and SKILL.md. This minimizes install-time risk.

⚠ Credentials

The CLI legitimately needs KOMODO_ADDRESS, KOMODO_API_KEY, and KOMODO_API_SECRET to function. But the registry metadata does not declare these required env vars or a primary credential, which is inconsistent and could cause users to miss the need to provide or audit credentials. Also, the ability to upload compose and env files means local secrets/credentials could be sent to the configured KOMODO_ADDRESS — ensure the target is trusted and credentials are scoped/minimized.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and has no install hooks. It does not demand persistent system privileges beyond normal execution.

版本历史

v1.0.0

Initial release: manage servers, deployments, stacks, builds, procedures via Komodo Core API

元数据

Slug komodo

版本 1.0.0

许可证 —

累计安装 3

当前安装数 3

历史版本数 1

常见问题

Komodo 是什么？

Manage Komodo infrastructure - servers, Docker deployments, stacks, builds, and procedures. Use when user asks about server status, container management, deployments, builds, or any Komodo-related infrastructure tasks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2178 次。

如何安装 Komodo？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install komodo」即可一键安装，无需额外配置。

Komodo 是免费的吗？

是的，Komodo 完全免费（开源免费），可自由下载、安装和使用。

Komodo 支持哪些平台？

Komodo 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Komodo？

由 weird-aftertaste（@weird-aftertaste）开发并维护，当前版本 v1.0.0。

Komodo