← 返回 Skills 市场
rauto-usage
作者
demohiiiii
· GitHub ↗
· v0.2.3
· MIT-0
294
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install rauto-usage
功能描述
Execute rauto directly for the user: run device commands, template execution, tx block, tx workflow, multi-device orchestration, replay, backup/restore, and...
安全使用建议
This skill appears to be what it says — a playbook for running the 'rauto' CLI and guiding the agent to execute operations (including multi-device orchestration and backup/restore). Before installing or enabling it, consider the following: 1) The SKILL.md assumes a local 'rauto' binary and access to ~/.rauto (saved connections, records, backups), but the metadata does not declare the rauto binary or config-path access; confirm the runtime environment actually has the rauto CLI and inspect where saved connections/backups live. 2) Saved connections or the --save-password flow can hold plaintext or locally stored credentials — avoid instructing the agent to save passwords, and prefer providing per-operation credentials explicitly when needed. 3) Rely on dry-run (--dry-run) and the skill's required confirmation for destructive actions; do not give blanket permission to run replace/restore or broad orchestrations without human review. 4) If you are not comfortable with an agent that can execute local CLI commands against your devices, do not enable autonomous invocation; require manual confirmation for any change actions and review any proposed tx/workflow/orchestrate plans before allowing execution. 5) If you need higher assurance, ask the skill author for a source/homepage and for the metadata to explicitly declare the required 'rauto' binary and any config paths it will read.
功能分析
Type: OpenClaw Skill
Name: rauto-usage
Version: 0.2.3
The `rauto-usage` skill bundle provides an AI agent with powerful network automation capabilities via the `rauto` CLI, including remote command execution (`rauto exec`), multi-device orchestration, and local file system management for backups and templates. While the instructions in `SKILL.md` and `references/agent-execution.md` include safety guardrails like confirmation for destructive actions, the bundle inherently possesses high-risk capabilities such as the ability to restore and replace system-wide backups (`rauto backup restore --replace`) and start a local web server (`rauto web`). These features, while aligned with the tool's stated purpose, constitute a significant attack surface for potential abuse or prompt injection without evidence of direct malicious intent.
能力评估
Purpose & Capability
The skill's stated purpose is to execute rauto operations and the SKILL.md and reference files are tightly focused on running rauto CLI commands, tx/workflow/orchestrate flows, backups, and saved connections. That purpose aligns with the content. However, the metadata declares no required binaries or config paths even though the instructions assume a local 'rauto' CLI and access to runtime paths (e.g., ~/.rauto). The absence of a required-binary declaration is an inconsistency (could be an oversight) and the source/homepage are unknown.
Instruction Scope
The runtime instructions explicitly direct the agent to execute arbitrary rauto commands (including config-changing commands, orchestrations, and backup/restore) and to read/use saved connections, record files, backups, and templates. The references name exact filesystem locations (~/.rauto/*) and suggest using saved connections and potentially saved passwords. While the skill mandates confirmation for many destructive actions, it also directs 'Do not ask the user to manually run commands if agent can run them' and will execute read-only commands immediately and change commands when explicitly requested. This means the agent may read local files that can contain credentials and then execute commands that affect network devices. The instructions do not limit the agent from reading local saved connection files or backups when present.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — the lowest-risk install footprint. Nothing will be downloaded or written by an installer. The primary runtime risk comes from the agent executing local commands described in the documentation, not from any bundled code.
Credentials
The skill declares no required environment variables or primary credential, which is consistent with being instruction-only. However, the instructions rely on user-supplied credentials or saved connections stored under ~/.rauto (connection files, saved passwords, backups, records). That means the agent may request or read secrets from local saved-connection files or ask the user to enter credentials. The metadata does not call out access to those local config paths, which is a proportionality mismatch: the skill will operate on sensitive data but didn't declare config access explicitly.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (the platform default). Autonomous invocation combined with the ability to execute CLI commands increases the impact radius if the agent is allowed to act without explicit human confirmation. The skill itself requires confirmation for many destructive actions, which mitigates but does not remove the risk — this is a design choice rather than a secret privilege escalation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install rauto-usage - 安装完成后,直接呼叫该 Skill 的名称或使用
/rauto-usage触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.3
- Refined execution and safety rules, focusing on direct operation and rollback-aware planning.
- Removed install/upgrade implementation and instructions from core logic and references.
- Added orchestration risk review reference (references/orchestration-risk-check.md); removed install reference.
- Unified missing input prompts and clarified command execution order and confirmation policies.
- Improved criteria for destructive actions and introduced pre-flight review step for orchestration.
v0.2.2
- Refined agent behavior to prioritize direct execution of rauto operations over tutorial-style guidance.
- Added explicit classification and handling for install/setup, read-only, and config-changing requests.
- Implemented risk guardrails, requiring user confirmation for destructive actions and ambiguous upgrade/reinstall requests.
- Improved decision-making for install paths, favoring GitHub Releases binaries by default and only using source builds on explicit user request.
- Enhanced summary and response format, returning only key results after execution, along with exact commands run and follow-up notes.
- Clarified agent's input collection strategy, now prompting only for must-have missing information per action type.
元数据
常见问题
rauto-usage 是什么?
Execute rauto directly for the user: run device commands, template execution, tx block, tx workflow, multi-device orchestration, replay, backup/restore, and... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 294 次。
如何安装 rauto-usage?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install rauto-usage」即可一键安装,无需额外配置。
rauto-usage 是免费的吗?
是的,rauto-usage 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
rauto-usage 支持哪些平台?
rauto-usage 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 rauto-usage?
由 demohiiiii(@demohiiiii)开发并维护,当前版本 v0.2.3。
推荐 Skills