← 返回 Skills 市场
437
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install meshops-control-plane
功能描述
Operate and secure mesh workflows across gateways, including plugin install/setup, health verification, invite/join bootstrap, and controlled execution tasks...
安全使用建议
This skill appears to implement the MeshOps control-plane it claims, but review and operator caution are recommended before installing or enabling it in production:
- Metadata mismatch: the marketplace/registry summary claims no required env vars, but metadata.yaml and SKILL.md expect several gating env vars and system binaries. Ask the maintainer to correct the registry metadata or treat the included metadata.yaml as authoritative.
- Powerful runtime actions (download+extract, plugin installs, writing to /opt, restarting gateway) are present. They are gated by OPENCLAW_ALLOW_* flags and allowlists, but you should:
- Keep OPENCLAW_ALLOW_DEPLOY_SKILL, OPENCLAW_ALLOW_RUN_CMD, and OPENCLAW_ALLOW_HIGH_RISK set to 0 until you audit the skill and its upstream plugin.
- Populate OPENCLAW_RUN_CMD_ALLOWLIST narrowly (or leave empty) to avoid arbitrary command execution.
- Restrict OPENCLAW_ALLOWED_CALLERS to trusted operator IDs only.
- The skill will auto-register capabilities and may automatically claim tasks. If you do not want autonomous cross-gateway execution or capability advertisement, do not load this skill on agents that should remain passive.
- Verify sources before permitting installs: setup-ansible-plugin calls 'openclaw plugins install' (github/npm/path). Confirm the plugin repository (https://github.com/likesjx/openclaw-plugin-ansible) and any artifact URLs used by deploy-skill.
- Run preflight in a controlled environment first (the included preflight action reports presence of required binaries and current gate settings). Review the collected logs and test deploy flow in an isolated node before enabling on production gateways.
If you want to proceed: require maintainer to fix registry metadata, audit the plugin repo and any artifacts, and enforce strict gate/allowlist settings and minimal privileges for the runtime user.
功能分析
Type: OpenClaw Skill
Name: meshops-control-plane
Version: 0.1.7
The bundle provides a distributed orchestration framework with high-risk capabilities, specifically remote command execution (run-cmd.sh) and remote skill deployment (deploy-skill.sh). While the implementation includes several security controls—such as environment-based gates (OPENCLAW_ALLOW_HIGH_RISK), caller allowlists, command allowlists, and SHA256 integrity checks—the inherent nature of these tools allows for Remote Code Execution (RCE) and persistence. There is no evidence of intentional malice or data exfiltration, but the powerful administrative surface area warrants a suspicious classification for a senior analyst review.
能力评估
Purpose & Capability
The files (handler.py and actions/*.sh) implement the described mesh control-plane capabilities (invite/join, capability publish, task delegation, preflight, deploy-skill, run-cmd, plugin setup). That runtime footprint is coherent with the skill description. However, the package-level registry summary earlier reported 'Required env vars: none' while the included metadata.yaml and SKILL.md declare multiple required env vars and binaries (OPENCLAW_* gates, jq, curl, tar, sha tools, openclaw CLI, etc.), which is an internal inconsistency and reduces transparency about what the skill will actually rely on.
Instruction Scope
SKILL.md and docs instruct agents to automatically register capabilities on load and to poll/claim tasks at the start of reasoning steps (automatic executor behavior). The scripts and handler read environment gating variables and may download artifacts, install plugins, write into /opt/openclaw/skills, and restart the gateway. Those behaviors are within the stated mesh/ops domain but expand the agent's runtime authority (auto-claiming and side-effectful installs), so operators must ensure gates and allowlists are configured as intended.
Install Mechanism
No install spec in the registry (skill is distributed as source files). The included scripts perform runtime downloads: deploy-skill uses curl to fetch arbitrary HTTPS artifacts (but enforces SHA256 and a gate), and setup-ansible-plugin invokes 'openclaw plugins install' which may fetch code from GitHub/npm/path. This is expected for a plugin/bootstrap skill, but it is a higher-risk runtime operation than a purely read-only instruction-only skill.
Credentials
The skill relies on multiple environment gates (OPENCLAW_ALLOW_HIGH_RISK, OPENCLAW_ALLOW_RUN_CMD, OPENCLAW_ALLOW_DEPLOY_SKILL), an allowlist (OPENCLAW_RUN_CMD_ALLOWLIST), and artifact path (OPENCLAW_ARTIFACT_ROOT). Those are proportionate to the high-risk capabilities, but the top-level registry metadata omitted required env vars while metadata.yaml lists them — a mismatch that could mislead operators. The skill does not ask for cloud credentials, but it does require filesystem and process permissions (writing to /opt, running openclaw CLI, restarting gateway).
Persistence & Privilege
always:false (no forced global inclusion). However, SKILL.md/docs specify automatic capability registration when a task-type skill loads and automated executor polling/claiming behavior, which effectively modifies shared mesh state and makes the agent an active participant in routing. This is consistent with a control-plane role but increases blast radius if gates/allowlists are misconfigured.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install meshops-control-plane - 安装完成后,直接呼叫该 Skill 的名称或使用
/meshops-control-plane触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.7
**Summary:** Major skill rebranding and expanded documentation for mesh coordination mesh.
- Renamed skill from "meshops-control-plane" to "ansible" with updated description and public positioning.
- Completely overhauled SKILL.md: now provides detailed concepts, behavioral contracts, topology models, lifecycle rules, and tool usage.
- Added comprehensive protocol, delegation workflow, and governance documentation for distributed mesh operations.
- New documentation files included: CLAWHUB.md and an operator runbook.
- Updated references and examples throughout to establish the new coordination model and clarify safety/approval flows.
v0.1.3
Rebrand + hardening: explicit env/binary contract, strict gates, preflight action, and plugin capability inventory.
元数据
常见问题
MeshOps Control Plane 是什么?
Operate and secure mesh workflows across gateways, including plugin install/setup, health verification, invite/join bootstrap, and controlled execution tasks... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 437 次。
如何安装 MeshOps Control Plane?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install meshops-control-plane」即可一键安装,无需额外配置。
MeshOps Control Plane 是免费的吗?
是的,MeshOps Control Plane 完全免费(开源免费),可自由下载、安装和使用。
MeshOps Control Plane 支持哪些平台?
MeshOps Control Plane 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MeshOps Control Plane?
由 likesjx(@likesjx)开发并维护,当前版本 v0.1.7。
推荐 Skills