← 返回 Skills 市场
lichas

Pve Automation

作者 Lua · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
437
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install pve-automation
功能描述
Automate Proxmox VE (PVE) virtual machine and container management tasks including VM lifecycle operations (create, start, stop, delete), template management...
安全使用建议
This skill appears to implement a real Proxmox API client and documentation, but there are important mismatches and risky defaults you should consider before installing: - Metadata vs reality: The package metadata declares no required credentials, but the code and README require PVE_HOST, PVE_TOKEN_ID and PVE_SECRET. Treat this as an omission — ask the publisher to update the metadata or avoid using until clarified. - Secrets and privilege: The client defaults to root@pam and expects API tokens; prefer creating a least-privilege API token for automation instead of root-level tokens. Do not paste high-privilege tokens into untrusted contexts. - SSL verification: The client and README use verify=False by default. That is unsafe for untrusted networks — enable certificate verification in production or only run in a trusted internal network. - Local file/command suggestions: SKILL.md suggests running commands that read local files (e.g., grep /etc/default/pveproxy). If you run the agent or the CLI on a shared host, those commands could expose local config. Only run in an environment you control. - Source provenance: The skill's source/homepage is unknown. Prefer code from a known/verified source. If you need this functionality but want to be cautious, review the included scripts locally, run them in an isolated environment, and update the script to enable SSL verification and explicitly document required env vars. If you plan to use this skill: (1) request or require correct metadata listing required env vars, (2) audit and run the code in a safe environment, (3) issue a least-privilege token for automation, and (4) enable SSL verification and/or use proper certificates.
功能分析
Type: OpenClaw Skill Name: pve-automation Version: 0.1.0 The skill bundle provides extensive automation for Proxmox VE, encompassing highly privileged operations such as VM/LXC lifecycle management, storage, network, and user permissions. The `scripts/pve_client.py` contains a critical vulnerability by disabling SSL certificate verification (`verify=False`), which exposes the client to Man-in-the-Middle attacks. Although this vulnerability is acknowledged in `README.md` as suitable only for trusted internal environments, it represents a significant security flaw. The `SKILL.md` itself, while describing powerful capabilities, also outlines numerous safety practices and does not contain explicit prompt-injection instructions for malicious actions like data exfiltration or backdoor installation. The classification is 'suspicious' due to the severe SSL vulnerability, not due to malicious intent.
能力评估
Purpose & Capability
The code (scripts/pve_client.py), README.md, and SKILL.md implement and document Proxmox VE API operations (VM/LXC lifecycle, storage, snapshots, tasks, etc.), which is coherent with the skill name and description. However the skill registry metadata declares no required environment variables or primary credential, while both the client code and README expect PVE_HOST, PVE_TOKEN_ID and PVE_SECRET (and optionally PVE_USER). That mismatch (code needs credentials but metadata claims none) is an incoherence that should be resolved.
Instruction Scope
SKILL.md and README describe and show direct API calls to the PVE REST API (expected). SKILL.md includes an example of running 'grep "port" /etc/default/pveproxy' and other host-level checks — instructions that reference reading local system config files or running shell commands on the agent host are out-of-band for a pure remote-API automation skill and could expose environment-specific data. Also the documentation and code set verify=False for SSL by default (README notes this as "suitable only for trusted internal environments"), which weakens transport security if used unintentionally.
Install Mechanism
No install spec is present (instruction- and code-bundle only). There is a single included Python script and guidance to pip-install 'requests' and 'urllib3'. No external downloads or archive extraction are used, which limits install-time risk.
Credentials
The code requires PVE_HOST, PVE_TOKEN_ID and PVE_SECRET (and optionally PVE_USER) to operate; these are proportionate to managing Proxmox, but the registry incorrectly lists no required env vars/credentials. The default user is root@pam in code and docs — if operators provide root-scoped tokens that is high privilege. The skill should declare its required env vars and recommend least-privilege token scopes and secure handling of secrets. Additionally, defaulting to disabling SSL verification (verify=False) increases risk of credential exposure to man-in-the-middle attacks.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence. It is user-invocable and model-invocation is allowed (the platform default). There is no evidence the skill modifies other skills or system-wide agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pve-automation
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pve-automation 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of pve-automation skill for Proxmox VE management. - Automates VM and LXC container lifecycle tasks: create, start, stop, delete. - Supports template management, cloud-init configuration, and storage operations. - Handles plugin installation and Proxmox cluster operations (status, tasks, resources). - Offers guidance on Proxmox API usage, authentication (token and ticket), and best practices. - Responds to user prompts related to Proxmox, PVE, virtualization, or LXC automation.
元数据
Slug pve-automation
版本 0.1.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Pve Automation 是什么?

Automate Proxmox VE (PVE) virtual machine and container management tasks including VM lifecycle operations (create, start, stop, delete), template management... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 437 次。

如何安装 Pve Automation?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pve-automation」即可一键安装,无需额外配置。

Pve Automation 是免费的吗?

是的,Pve Automation 完全免费(开源免费),可自由下载、安装和使用。

Pve Automation 支持哪些平台?

Pve Automation 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pve Automation?

由 Lua(@lichas)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论