Openclaw Skill Ansible

Author: likesjx · GitHub ↗ · v0.1.6
cross-platform ⚠ suspicious
Total downloads: 534
Favorites: 0
Current installs: 0
Versions: 6
Install in OpenClaw
/install openclaw-skill-ansible
Description
Operate and secure mesh workflows across gateways, including plugin bootstrap, invite/join auth handshake, resilient routing, capability contract lifecycle,...
Security usage recommendations
This skill is purpose-aligned for a MeshOps control plane, but review these before installing:
- Resolve the manifest mismatch: the registry summary says "no required env vars/bins" but metadata.yaml inside the package lists several gates and binaries. Confirm the marketplace metadata matches the packaged metadata.
- Treat the gating env vars (OPENCLAW_ALLOW_HIGH_RISK, OPENCLAW_ALLOW_RUN_CMD, OPENCLAW_ALLOW_DEPLOY_SKILL) as safety interlocks — ensure they default to disabled (0) and are only enabled deliberately for vetted tasks.
- Confirm OPENCLAW_ALLOWED_CALLERS is set to a small trusted allowlist. If mis-set, remote callers could trigger deploy/run operations.
- Audit the deploy-skill workflow: it downloads HTTPS artifacts and extracts them to /opt/openclaw/skills. Although it requires a sha256 and https, validate the artifact sources and verify the SHA before enabling deployment in production.
- Review automatic behavior in SKILL.md: the design requires skills to auto-register capabilities and for executors to auto-claim tasks at reasoning start. If you do not want agents to autonomously claim/execute mesh tasks, do not load this skill into agents that must remain passive.
- Test in an isolated environment first: verify preflight, allowlists, artifact root behavior, and that run-cmd only permits the exact commands you expect.
If you want, I can list the exact lines/scripts that perform downloads, extractions, command execution, and automatic registration to make your audit easier.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-skill-ansible
Version: 0.1.6
The bundle implements a distributed coordination mesh with high-risk administrative capabilities, specifically remote command execution (run-cmd.sh) and remote skill deployment (deploy-skill.sh). While these actions are protected by multi-layered security gates—including environment variable toggles (OPENCLAW_ALLOW_HIGH_RISK), caller allowlists in src/handler.py, and SHA256 integrity checks for remote artifacts—the inherent capability to download and execute code or run shell commands across a mesh of gateways is high-risk. The documentation (SKILL.md and docs/) outlines a legitimate 'MeshOps' purpose with a 'Ring of Trust' governance model, suggesting these features are intended for orchestration rather than malice, but the potential for abuse remains significant.
Capability assessment
Purpose & Capability
The name/description (MeshOps control-plane) aligns with the included docs, SKILL.md, and scripts: they implement ring-of-trust, CRDT sync, capability routing, and lifecycle ops. The presence of scripts to install plugins, deploy skills, run commands, and collect logs is coherent with an operator/mesh-control skill. However, the skill manifest shown earlier (registry summary) reported no required env vars/binaries while metadata.yaml inside the package lists several required env vars and binaries (OPENCLAW_* gates, openclaw, jq, curl, tar, sha tools, git). This mismatch is an incoherence to resolve.
Instruction Scope
SKILL.md instructs agents to perform broad dispatcher behaviors (auto-register capabilities on load, auto-claim tasks at each reasoning step, write routing metadata into shared Yjs state). Those instructions give loaded agents autonomous authority to discover and claim work across a mesh. The runtime action scripts also read environment gates, write to filesystem locations (/opt/openclaw/skills, /var/lib/openclaw/artifacts), download artifacts from arbitrary HTTPS URLs (deploy-skill), and run CLI tooling. While many of these actions are gated, the SKILL.md's automatic/implicit side-effects (capability registration on load, automated claiming) expand the agent's scope significantly and deserve operator review.
Install Mechanism
There is no package-install spec embedded (instruction-only at registry level) and code files are shipped in the skill bundle. The scripts themselves make external network calls via openclaw plugins install and curl (for deploy-skill), but those are invoked at runtime and are gated. No opaque downloads from personal IPs or shorteners; deploy-skill requires HTTPS and SHA256 verification. This is acceptable but still risky in practice because extracting remote archives into /opt is high-impact.
Credentials
Declared envs in metadata.yaml (OPENCLAW_ALLOWED_CALLERS, OPENCLAW_ALLOW_HIGH_RISK, OPENCLAW_ALLOW_RUN_CMD, OPENCLAW_ALLOW_DEPLOY_SKILL, OPENCLAW_RUN_CMD_ALLOWLIST, OPENCLAW_ARTIFACT_ROOT) map to the skill's gating design and are not secret credentials, which is proportionate. But the registry summary reported no required envs (contradiction). Also, required envs control powerful actions: if gates are enabled (OPENCLAW_ALLOW_RUN_CMD=1, OPENCLAW_ALLOW_DEPLOY_SKILL=1, OPENCLAW_ALLOW_HIGH_RISK=1) and caller allowlist permits a caller, the skill can download and extract archives and run commands (even though run-cmd has an allowlist, deploy-skill downloads arbitrary artifact URLs). This makes correct gate configuration critical.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill's documented behavior includes side-effects on agent startup (capability registration) and automatic claiming at each reasoning step; those are functional choices but increase the blast radius because agents with the skill become eligible executors and can be auto-invoked. Combined with the deploy-skill/run-cmd scripts, this raises risk if gating env-vars or allowlists are misconfigured. The skill does not request system-wide config modification beyond installing skills or writing to /opt when operator-invoked.
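How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install openclaw-skill-ansible
  3. Once installation completes, call the Skill by name or trigger it with /openclaw-skill-ansible
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history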
v0.1.6
- Documentation formatting updated in SKILL.md for improved readability and structure.
- No changes to core logic or skill functionality in this release.
v0.1.5
openclaw-skill-ansible v0.1.5
- Renamed and repositioned the skill from "meshops-control-plane" to "ansible" with a new focus on distributed mesh coordination, referencing the sci-fi ansible rather than the infrastructure tool.
- Major rewrite of documentation: SKILL.md and README.md replaced with an expanded explanation of architecture, behavioral rules, governance, and tool commands.
- Added CLAWHUB.md and an operator runbook in docs/operator-runbook.md for easier onboarding and operational support.
- Expanded descriptions of available mesh operations, lifecycle, delegation protocols, and safety models.
- Updated metadata and clarified compatibility, deployment safety, and session workflows.
v0.1.4
MeshOps Control Plane skill update with expanded actions, stronger safety, and improved docs.
- Added preflight check action to validate environment and binaries before maintenance.
- Updated naming and documentation to clarify scope as "MeshOps Control Plane" and avoid brand confusion.
- Documented explicit gate controls and required environment variables for all high-risk actions.
- Improved capability contract and delegation/execution pairing process in design.
- Enhanced deployment and run-cmd safety instructions and allowlist requirements.
- Added actual plugin capabilities reference doc.
v0.1.2
Security hardening: authz gates, safe dispatch, required checksums/https, declared dependencies, and clarified side-effect boundaries.
v0.1.1
Initial ClawHub publish with operational setup workflow.
v0.1.0
Initial ClawHub publish with operational setup workflow and plugin bootstrap action.
Metadata
Slug openclaw-skill-ansible
Version 0.1.6
License
Total installs 0
Current installs 0
Number of versions 6
FAQ

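What is Openclaw Skill Ansible?

Operate and secure mesh workflows across gateways, including plugin bootstrap, invite/join auth handshake, resilient routing, capability contract lifecycle,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 534 total downloads to date.

How do I install Openclaw Skill Ansible?

Run the command "/install openclaw-skill-ansible" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Openclaw Skill Ansible free?

Yes, Openclaw Skill Ansible is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Openclaw Skill Ansible support?

Openclaw Skill Ansible runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Openclaw Skill Ansible?

It is developed and maintained by likesjx (@likesjx); the current version is v0.1.6.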