← 返回 Skills 市场
121
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install remote-terminal
功能描述
Remote Linux terminal control skill. Use when the user wants to (1) connect to a remote Linux server and execute commands, (2) perform SSH operations on remo...
安全使用建议
This skill does what it says (remote command execution) but uses several insecure patterns you should be aware of before installing: it supports sshpass and Telnet (plaintext passwords), it allows storing passwords in ~/.qclaw/workspace/memory/hosts.json (plaintext), and it uses StrictHostKeyChecking=accept-new (auto-accepts host keys, which can enable MITM attacks). Before installing or using it: (1) review the scripts yourself and remove or modify the plaintext-password storage and sshpass flows; (2) prefer SSH key auth and avoid Telnet; (3) change or remove options that auto-accept host keys; (4) secure the ~/.qclaw directory (restrict permissions) and rotate any credentials added; (5) consider running this in a constrained environment or disable autonomous invocation if you do not want the agent to call it without explicit consent. If you want, I can point out the exact lines to change to harden the code (e.g., disable password storage, require explicit host-key verification, or encrypt stored secrets).
功能分析
Type: OpenClaw Skill
Name: remote-terminal
Version: 1.0.0
The 'remote-terminal' skill provides powerful capabilities for remote server management, including SSH/Telnet command execution and parallel execution across multiple hosts. While it includes safety features like command logging and confirmation prompts for dangerous patterns (in ssh_exec.py and SKILL.md), it handles high-risk data such as SSH keys and host credentials. A significant security concern is found in host_manager.py, which allows storing remote server passwords in plaintext within a local JSON file (~/.qclaw/workspace/memory/hosts.json). Although the behavior aligns with the stated purpose, the combination of broad shell access and insecure credential handling makes it high-risk.
能力评估
Purpose & Capability
The name/description (remote SSH terminal control) aligns with the included code and instructions: ssh_exec.py, parallel_exec.py, and host_manager.py implement SSH/Telnet/web-terminal workflows and host storage. Nothing in the package appears to be trying to do unrelated tasks (no unexpected cloud APIs or unrelated credentials).
Instruction Scope
SKILL.md and the scripts instruct the agent to read ~/.ssh/config, read/write ~/.qclaw/workspace/memory/hosts.json, and write logs to ~/.qclaw/logs/remote-terminal.log. Examples and code recommend/allow insecure methods (sshpass password flows, Telnet via expect, and disabling strict host key checking). The skill therefore accesses local SSH config, can prompt for or accept plaintext passwords, and runs arbitrary shell commands on arbitrary hosts — all expected for a remote-terminal skill but with notable insecure choices.
Install Mechanism
No installer or remote downloads are used; this is an instruction+script bundle included in the skill. That reduces supply-chain risk compared with fetching code from arbitrary URLs.
Credentials
The skill requests no declared environment variables, but it enables storing credentials (password field) in ~/.qclaw/workspace/memory/hosts.json and uses sshpass/expect examples. Storing passwords in plaintext and logging commands to a local log file is disproportionate from a security perspective — these are sensitive artifacts that the skill will create and access even though no external secret manager is required.
Persistence & Privilege
The skill does not request always:true or system-wide privileges, but it writes configuration and logs under the user's home (~/.qclaw). That per-skill persistence is normal, but because it may store plaintext passwords and logs, it increases the sensitivity of those files and the blast radius if the agent or machine is compromised.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install remote-terminal - 安装完成后,直接呼叫该 Skill 的名称或使用
/remote-terminal触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Remote Terminal v1.0.0
- Initial release of the remote-terminal skill.
- Enables remote Linux server control via SSH, Telnet, or web terminals.
- Supports multiple authentication methods (password, SSH keys, SSH config).
- Includes built-in security features: command confirmation for dangerous operations, command blacklist, and operation logging.
- Provides host management, parallel execution, and troubleshooting guidance.
- Triggers on common remote connection phrases in English and Chinese.
元数据
常见问题
remote-terminal 是什么?
Remote Linux terminal control skill. Use when the user wants to (1) connect to a remote Linux server and execute commands, (2) perform SSH operations on remo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 121 次。
如何安装 remote-terminal?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install remote-terminal」即可一键安装,无需额外配置。
remote-terminal 是免费的吗?
是的,remote-terminal 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
remote-terminal 支持哪些平台?
remote-terminal 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 remote-terminal?
由 ckaorceu(@ckaorceu)开发并维护,当前版本 v1.0.0。
推荐 Skills