运维助手 v2.0

运维助手 v2.0 - 支持本地、远程、多服务器集群监控 (健康检查、日志分析、性能监控、批量操作、文件传输)

This skill is coherent with its stated purpose but handles sensitive secrets and will read/write files in your home directory. Before installing or running it: - Review the source (especially src/utils/ssh-pool.ts, src/utils/sftp-client.ts, src/utils/audit-logger.ts) to ensure there are no unexpected network endpoints or telemetry. The provided code shows no external HTTP endpoints. - Be aware it will try to use ~/.ssh/id_rsa by default and can store passwords in ~/.config/ops-maintenance/servers.json; prefer key-based auth and do not put plaintext passwords in that file. - Audit the permissions on ~/.config/ops-maintenance and ~/.ssh/* (restrict to the user, e.g., 600 for private keys). - The skill writes audit.log with executed commands — this is useful but may contain sensitive data; treat the log as confidential. - The repository includes package.json; run npm install in an isolated environment and run npm audit before use. - Note small mismatches: SKILL.md claims v2.0 removed shell-based SSH usage but dist/index.js still uses child_process.exec for local command execution (not for remote SSH). Also the registry metadata omits an explicit install spec even though SKILL.md instructs npm install — confirm your agent/platform will install and run the included code as intended. If you accept these trade-offs (local file access, use of SSH keys, local audit logs) and you trust the maintainer, this skill appears to be what it claims. If you do not trust the source or prefer not to expose local keys/configs, do not install or run it.

Type: OpenClaw Skill Name: ops-maintenance Version: 2.0.1 The skill bundle provides powerful administrative capabilities, including remote command execution via SSH, SFTP file transfer (upload/download), and local shell execution using '/bin/zsh' (src/index.ts). It is designed to automatically access the user's private SSH key (~/.ssh/id_rsa) to facilitate server connections (src/utils/ssh-pool.ts). While these features are consistent with the stated purpose of an 'Ops Maintenance' tool, the combination of arbitrary command execution, file exfiltration potential, and automated credential access constitutes a high-risk attack surface.