← 返回 Skills 市场
Mikrotik Routeros
作者
charllesvale
· GitHub ↗
· v2.0.5
· MIT-0
134
总下载
0
收藏
0
当前安装
7
版本数
在 OpenClaw 中安装
/install mikrotik-routeros-isp
功能描述
Expert-level management of MikroTik RouterOS devices and VSOL GPON OLTs via SSH or RouterOS API (port 8728/8729) and REST API (port 80/443). Use this skill w...
安全使用建议
Things to check before installing or running this skill:
- Verify metadata: confirm the skill registry entry matches SKILL.md (required binaries and env vars). If the registry lists no required env vars but SKILL.md does, the UI may not prompt you correctly for credentials.
- Audit local-file access: the bundled Python client will read ~/.openclaw/workspace/TOOLS.md to discover devices. Remove any plaintext passwords from that file or avoid storing credentials there. Prefer SSH keys (MIKROTIK_KEY) and set passwords only in a secure secret store/environment variables when needed.
- Vet third‑party code: the references and scripts instruct fetching code from https://rsc.eworm.de and advise installing eworm scripts on routers. Review those scripts yourself before importing them into production routers—they run with router privileges.
- Host modifications: SKILL.md suggests 'pip3 install --break-system-packages' and using sshpass. Only run these commands in a controlled environment (container or CI runner) if you understand implications for the host OS package management.
- Least privilege: create a management account on devices with only the permissions the automation needs (avoid full admin if possible), and restrict RouterOS API/SSH access to management subnets.
- Operational caution: when the skill proposes destructive commands (reboot, remove, change firewall), require explicit confirmation. Consider running in read/diagnose-only mode first.
If you cannot review the external scripts (rsc.eworm.de, Evolution API examples) and you cannot guarantee TOOLS.md/ENV secrecy, treat this integration as higher risk and do not install it on sensitive systems until vetted.
功能分析
Type: OpenClaw Skill
Name: mikrotik-routeros-isp
Version: 2.0.5
The skill bundle provides comprehensive ISP management tools but includes high-risk patterns, most notably the automated fetching and execution of remote scripts. In 'references/eworm-scripts.md', instructions are provided to download and run RouterOS scripts directly from 'rsc.eworm.de', which functions as a 'curl|bash' equivalent for network infrastructure. Additionally, 'scripts/mikrotik_api.py' is designed to read and parse the 'TOOLS.md' file within the OpenClaw workspace to extract device credentials. While these capabilities are aligned with the stated purpose of advanced ISP automation, the combination of remote code execution and broad workspace file access for secrets poses a significant security risk.
能力标签
能力评估
Purpose & Capability
The SKILL.md, reference docs, and code files align with the stated purpose (MikroTik RouterOS and VSOL OLT management). However the registry metadata you provided lists no required binaries or env vars while the included SKILL.md explicitly declares required binaries (ssh, sshpass) and several env vars (MIKROTIK_HOST, MIKROTIK_USER, MIKROTIK_PASS, MIKROTIK_KEY, OLT_*). That metadata mismatch is an inconsistency you should resolve before trusting automated installs or UI prompts.
Instruction Scope
The runtime instructions and the included Python script deliberately read local user config (~/.openclaw/workspace/TOOLS.md) to find device credentials and also instruct fetching third‑party RouterOS scripts (rsc.eworm.de) into devices. Reading TOOLS.md and using env vars is reasonable for device automation, but it exposes credentials if passwords are stored there. The skill also instructs running pip3 with --break-system-packages and using sshpass if keys are unavailable—both broaden the agent's actions on the host. The skill does not appear to exfiltrate data itself, but it gives the agent discretion to read local credential files and to fetch/execute third‑party code on managed devices.
Install Mechanism
There is no platform-level install spec — the skill is instruction-plus-code and will not automatically download/execute packages on the hosting machine. That is lower risk than an installer that pulls arbitrary binaries. Still, SKILL.md instructs operators to run 'pip3 install --break-system-packages routeros-api' and to fetch scripts from rsc.eworm.de into routers. Those are explicit supply‑chain actions you must audit before performing; the skill itself bundles a small pure‑Python RouterOS client (scripts/mikrotik_api.py) rather than depending solely on the pip package.
Credentials
The env vars required by the SKILL.md (MIKROTIK_HOST/USER/PASS/KEY and optional OLT credentials) are appropriate for a network management skill. However: (1) the registry metadata previously shown lists none, an inconsistency that could hide prompts or required secrets at install time; (2) the included Python script reads TOOLS.md (~/.openclaw/workspace/TOOLS.md) and will parse stored device entries, potentially using plaintext passwords found there. If TOOLS.md contains passwords, the script warns but will still return them. Requesting host-level credentials is proportionate only if the operator knows these are needed and stores them safely (SSH keys or ephemeral secrets).
Persistence & Privilege
always:false and no install hook were declared — the skill is not force-included and does not request persistent platform privileges. It does instruct adding scheduler entries and scripts on remote RouterOS devices (normal for device management), but it does not appear to modify other skills or agent-wide configuration. Note: the skill can be invoked autonomously by default (disable-model-invocation is false); autonomous invocation combined with broad credential access would increase risk, but here the skill does not request unrelated platform secrets.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mikrotik-routeros-isp - 安装完成后,直接呼叫该 Skill 的名称或使用
/mikrotik-routeros-isp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.5
- Skill renamed from `mikrotik-routeros-isp` to `mikrotik-routeros-isp-br`.
- Updated TOOLS.md instructions to recommend storing SSH key paths instead of passwords.
- Added a security notice: plaintext passwords should never be kept in TOOLS.md.
- Minor clarifications and rewording in the documentation; no logic changes.
- No changes to functional code detected.
v2.0.4
Prefer SSH key auth, declare env vars and external URLs, security improvements
v2.0.3
Fix example hosts to MikroTik default 192.168.88.1
v2.0.2
PCC dual-WAN load balance, OSPF watchdog
v2.0.1
Added PCC dual-WAN, OSPF watchdog, RADIUS fixes, GenieACS auth from protocol.be
v2.0.0
RouterOS API REST ref, Python client, multi-device, eworm-de scripts complete catalog
v1.0.0
Initial release — provides expert management of MikroTik RouterOS and VSOL/GPON OLT devices for ISP infrastructure.
- Supports SSH-based configuration and diagnostics for MikroTik RouterOS and VSOL GPON OLT.
- Guides on safe device management: always backs up configs and requires confirmation for changes.
- Covers workflows for PPPoE, CGNAT, RADIUS, OSPF, BGP, VLAN, VRRP, and failover automation.
- Includes best practices, safety warnings, and troubleshooting references directly in skill documentation.
元数据
常见问题
Mikrotik Routeros 是什么?
Expert-level management of MikroTik RouterOS devices and VSOL GPON OLTs via SSH or RouterOS API (port 8728/8729) and REST API (port 80/443). Use this skill w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 134 次。
如何安装 Mikrotik Routeros?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mikrotik-routeros-isp」即可一键安装,无需额外配置。
Mikrotik Routeros 是免费的吗?
是的,Mikrotik Routeros 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Mikrotik Routeros 支持哪些平台?
Mikrotik Routeros 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Mikrotik Routeros?
由 charllesvale(@charllesvale)开发并维护,当前版本 v2.0.5。
推荐 Skills