Model Migrate FlagOS

Migrate a model from the latest vLLM upstream repository into the vllm-plugin-FL project (pinned at vLLM v0.13.0). Use this skill whenever someone wants to a...

What to consider before installing or running this skill: - Functionally coherent: The skill appears to do what it claims (migrating vLLM models and running E2E verification). The included scripts implement the pipeline end-to-end. - High-privilege actions: The instructions expect to read/write plugin source, run tests, start/stop local servers, manage a remote GT server over SSH, and forcibly kill GPU-using processes (nvidia-smi | xargs kill -9). These can affect other users/processes and system state. - Automation without confirmation: The skill's operational rules explicitly tell the agent to auto-resume and to 'NEVER ask whether to continue', and to 'work-until-done'. If you allow the agent to run autonomously with this skill enabled, it may continue making changes without further prompts. - Missing declared credentials: The skill does not declare required env variables or credentials, yet it assumes SSH key access and permission to read /usr/local/lib, /models, and modify the plugin directory. Expect to provide or confirm SSH access and to run in an environment where these assumptions are acceptable. Recommendations: 1. Review the code before running: inspect scripts e2e_remote_serve.sh, validate_migration.py, serve.sh, run-request.sh, and any scripts that execute shell commands (look for any network endpoints or unexpected commands). 2. Run in an isolated environment: execute the migration in a disposable VM or container where you control SSH keys, GPU processes, and filesystem snapshots. Back up your vllm-plugin-FL repo first (git branch or clone). 3. Require manual confirmation: if you let an agent use this skill, configure it NOT to auto-resume unattended or to require user approval before steps that modify files, kill processes, or SSH to remote hosts. 4. Validate SSH usage: do not blindly run ssh-copy-id or any script that writes to ~/.ssh/authorized_keys without verifying the target host and keys. 5. If you need more assurance: ask the skill author for provenance (source repo URL, maintainer identity) and for an explicit list of all commands the skill will run, so you can audit them. Given these factors, treat the skill as useful but potentially risky — proceed only after inspection and with controls in place (isolated environment, backups, manual confirmations).

Type: OpenClaw Skill Name: model-migrate-flagos Version: 1.0.0 The skill bundle automates a complex vLLM model migration workflow that requires high-privilege operations. Key indicators include scripts/e2e_remote_serve.sh, which executes remote commands via SSH using private keys (defaulting to ~/.ssh/id_ed25519), and references/operational-rules.md, which explicitly instructs the AI agent to forcefully terminate any processes occupying GPU memory using 'kill -9'. While these capabilities are contextually aligned with the stated goal of benchmarking and verifying LLM performance, they provide a significant mechanism for unauthorized remote control and system disruption if the agent is misdirected. No evidence of intentional data exfiltration or backdoors was found, but the aggressive resource management and SSH usage warrant a suspicious classification.