weird-aftertaste

Proxmox

Author: weird-aftertaste · GitHub · v1.0.1
cross-platform ⚠ suspicious
Total downloads: 3672
Favorites: 6
Current installs: 19
Versions: 2
Install in OpenClaw
/install proxmox
Description
Manage Proxmox VE clusters via REST API. Use when user asks to list, start, stop, restart VMs or LXC containers, check node status, create snapshots, view tasks, or manage Proxmox infrastructure. Requires API token or credentials configured.
Security usage recommendations
This skill's functionality matches its description (it talks to the Proxmox API), but the package metadata is incomplete. Before installing or running it:
- Inspect scripts/pve.sh yourself (already included) and verify you are comfortable running it.
- Provide credentials only as a Proxmox API token with minimal privileges (create a token scoped only to the operations you need). Do not use full root/password if unnecessary.
- The skill expects PROXMOX_HOST, PROXMOX_TOKEN_ID, and PROXMOX_TOKEN_SECRET, and the system needs curl and jq, but the registry metadata does not declare these. Ensure those env vars/binaries are present and documented where you manage skills.
- Avoid using -k/--insecure in production; instead configure TLS properly or use a token over a trusted connection.
- Consider running first in a restricted test environment and limit the API token privileges (least privilege). If you need the skill to be allowed to run autonomously, treat that as higher risk and audit token scopes and logs.
If the publisher can update the skill metadata to declare the required env vars and binaries, and remove or document the use of -k, the package will be much more coherent and easier to trust.
Functional analysis
Type: OpenClaw Skill
Name: proxmox
Version: 1.0.1
The skill bundle is benign. It provides functionality to manage Proxmox VE clusters via its REST API, as described in SKILL.md. The `scripts/pve.sh` script correctly implements these operations, loading credentials from `~/.proxmox-credentials` or environment variables and making API calls exclusively to the user-configured Proxmox host. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The use of `curl -k` (insecure SSL) is noted but is a common practice for Proxmox with self-signed certificates and is explicitly mentioned in the documentation, not indicative of malicious intent.
Capability assessment
Purpose & Capability
The name, description, SKILL.md, and scripts all consistently implement Proxmox VE REST API operations (list/start/stop/snapshots/tasks etc.), so purpose and capability match. However the skill metadata declares no required environment variables or binaries while the instructions and script clearly require PROXMOX_HOST, PROXMOX_TOKEN_ID, PROXMOX_TOKEN_SECRET and command-line tools (curl, jq).
Instruction Scope
The SKILL.md and scripts stay within the stated Proxmox management scope: they load credentials from ~/.proxmox-credentials or env, then call only the Proxmox API endpoints. They do not attempt to read unrelated system files. Notes: instructions recommend using -k (skip SSL verification) which weakens TLS security, and the script will source a credentials file in the user's home directory (expected but should be highlighted).
Install Mechanism
No install spec (instruction-only with an included helper script). This reduces supply-chain risk. The script file is included in the package and would be written to disk if the skill is installed; that's expected for a helper script but means users should inspect the script before running.
Credentials
The script and SKILL.md require sensitive Proxmox credentials (PROXMOX_HOST, PROXMOX_TOKEN_ID, PROXMOX_TOKEN_SECRET), which are appropriate for the stated purpose — but the skill metadata does not declare these required env vars or a primary credential. The metadata also omits required binaries (curl, jq). This mismatch could lead to silent failures or unexpected behavior and is a packaging/permissions concern.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked by the model (default), which is expected for a tool that manages infrastructure.
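How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install proxmox
  3. Once installation completes, call the Skill by name or trigger it with /proxmox
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history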
v1.0.1
Fix status command to handle missing cpu/mem fields gracefully
v1.0.0
Initial release: manage VMs, LXC, snapshots, tasks via REST API
Metadata
Slug proxmox
Version 1.0.1
License
Total installs 19
Current installs 19
Number of versions 2
FAQ

What is Proxmox?

Manage Proxmox VE clusters via REST API. Use when user asks to list, start, stop, restart VMs or LXC containers, check node status, create snapshots, view tasks, or manage Proxmox infrastructure. Requires API token or credentials configured. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 3672 total downloads so far.

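How do I install Proxmox?

Run the command "/install proxmox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Proxmox free?

Yes, Proxmox is completely free (open source and free); it can be freely downloaded, installed and used.

Which platforms does Proxmox support?

Proxmox is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Proxmox?

Developed and maintained by weird-aftertaste (@weird-aftertaste); the current version is v1.0.1.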
