← 返回 Skills 市场
749
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install proxmox-ops
功能描述
Ops-focused Proxmox VE management via REST API — monitor, control, provision, and troubleshoot VMs and LXC containers with battle-tested operational patterns...
安全使用建议
This skill appears to do what it says (Proxmox REST operations) and includes a usable helper script, but review before installing:
- The registry metadata does NOT list the three required environment variables (PROXMOX_HOST, PROXMOX_TOKEN_ID, PROXMOX_TOKEN_SECRET) even though SKILL.md and the script require them. Treat that as a red flag: verify credential requirements yourself before trusting any automation.
- The helper uses curl -k (disables TLS verification) to accommodate self-signed certs. This weakens transport security; prefer adding the CA or using properly signed certs rather than leaving -k in place for production use.
- The provisioning examples include an obvious example password (changeme123). Never use example passwords; ensure provisioning uses secure secrets management and least-privilege API tokens.
- The skill expects you to store an API token in ~/.proxmox-credentials (mode 600). That is reasonable, but confirm you create the file yourself and review its contents. Alternatively use ephemeral environment variables in CI/agents.
- Because this is instruction-only with an included script, inspect scripts/pve.sh locally and consider running it in a controlled environment first. Verify the GitHub homepage, commit history, and author before integrating into automation.
If you intend to deploy this in production automation, require an API token with minimized permissions, replace -k, remove example plaintext passwords, and confirm the registry metadata is corrected to declare required credentials.
功能分析
Type: OpenClaw Skill
Name: proxmox-ops
Version: 1.2.0
The proxmox-ops skill is a legitimate toolkit for managing Proxmox VE via its REST API. It includes a helper script (scripts/pve.sh) and comprehensive documentation (SKILL.md, provisioning.md) for VM/LXC lifecycle management, snapshots, and resource monitoring. While it utilizes 'curl -k' to bypass TLS verification (documented as a workaround for Proxmox's default self-signed certificates) and manages sensitive API tokens in a local credential file, these actions are transparently disclosed and strictly aligned with the stated operational purpose without evidence of malicious intent or data exfiltration.
能力评估
Purpose & Capability
SKILL.md and scripts clearly require PROXMOX_HOST, PROXMOX_TOKEN_ID, and PROXMOX_TOKEN_SECRET to talk to a Proxmox API; registry metadata lists no required env vars or primary credential. This mismatch is incoherent: a Proxmox management skill legitimately needs those credentials, but the registry entry does not declare them.
Instruction Scope
The instructions and scripts restrict actions to the user-configured Proxmox host and provide clear operation categories (read-only vs reversible vs destructive) and confirmation guidance. They instruct creating ~/.proxmox-credentials (mode 600) or using env vars. Two concerns: the examples include a weak example password ('changeme123') for provisioning, and the curl calls use -k (TLS verification disabled), which weakens transport security for self-signed servers.
Install Mechanism
No install spec — instruction-only skill with an included helper script. Required binaries (curl, jq) are declared and used. Low install risk because nothing is downloaded or installed automatically.
Credentials
The only runtime secrets needed are Proxmox API token and host, which are proportionate to the stated purpose. However, the registry metadata failing to declare these env vars/API token as required is a meaningful omission. Also, instructions recommend persisting the API token in ~/.proxmox-credentials (acceptable if user-managed and file perms are enforced) while curl -k reduces protection of that token in transit for self-signed servers; user should prefer properly-signed certs or securely handle verification.
Persistence & Privilege
always:false and no modifications to other skills/system settings. The skill suggests creating a user-owned credentials file (~/.proxmox-credentials) and reads it — this is expected behavior for convenience and not a privilege escalation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install proxmox-ops - 安装完成后,直接呼叫该 Skill 的名称或使用
/proxmox-ops触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
Rename display name from 'Proxmox Ops Skill' to 'Proxmox Ops'; sync with GitHub latest (commit 823dee2)
v1.1.2
Fix scanner: explicitly declare PROXMOX_HOST, PROXMOX_TOKEN_ID, PROXMOX_TOKEN_SECRET in description for credential coherence
v1.1.1
Add attribution for pve.sh origin (weird-aftertaste/proxmox) and Credits section in README
v1.1.0
Match proven scanner-passing pattern: remove requires.env gate, align description with idrac format, consolidate setup section
v1.0.3
Address all scanner findings: explicit env var declaration, dual credential patterns (file + env), network scope documentation, token rotation guidance, TLS alternatives
v1.0.2
Fix scanner findings: explicit credential lifecycle, least-privilege token guidance, TLS justification
v1.0.1
Add GitHub repo homepage link
v1.0.0
Ops-focused Proxmox VE management with auto node discovery, disk resize + in-guest steps, guest agent IP, vmstate warnings, safety gates, provisioning reference.
元数据
常见问题
Proxmox Ops 是什么?
Ops-focused Proxmox VE management via REST API — monitor, control, provision, and troubleshoot VMs and LXC containers with battle-tested operational patterns... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 749 次。
如何安装 Proxmox Ops?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install proxmox-ops」即可一键安装,无需额外配置。
Proxmox Ops 是免费的吗?
是的,Proxmox Ops 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Proxmox Ops 支持哪些平台?
Proxmox Ops 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 Proxmox Ops?
由 Eddy(@eddygk)开发并维护,当前版本 v1.2.0。
推荐 Skills