← 返回 Skills 市场
SAPCONET SSH Bridge
作者
Highlander89
· GitHub ↗
· v0.1.0
472
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install sapconet-ssh-bridge
功能描述
Standard SAPCONET SSH command templates for bird reads, Puppeteer runs, and inbox messaging workflows.
安全使用建议
This skill is basically two SSH wrapper scripts and is coherent with its stated purpose, but before installing or running it you should: 1) manually inspect both scripts (they contain placeholders that become remote commands); 2) replace the default SAPCONET_TARGET ([email protected]) with a host you control/trust; 3) ensure your SSH keys/agent are configured rather than entering credentials inline; 4) avoid allowing the agent to autonomously execute these scripts against external hosts unless you explicitly trust the target; and 5) ask the publisher for provenance (source/homepage) if you need accountability — the registry metadata lists no homepage and an unknown owner.
功能分析
Type: OpenClaw Skill
Name: sapconet-ssh-bridge
Version: 0.1.0
The skill is classified as suspicious due to a remote shell injection vulnerability found in `scripts/msg-sapconet.sh`. The script directly interpolates the `$MESSAGE` argument into the remote SSH command string without proper sanitization, allowing an attacker to execute arbitrary commands on the `SAPCONET_TARGET` host if they can control the `MESSAGE` input. While the script is presented as a template with 'TODO' placeholders, this lack of input sanitization constitutes a significant security flaw, even without clear evidence of intentional malice.
能力评估
Purpose & Capability
The name/description say the skill standardizes SSH command patterns for bird reads, Puppeteer checks, and inbox messaging; the included scripts only use SSH to run placeholder commands on a remote host, which is coherent with the stated purpose. Minor mismatch: the metadata lists no required env vars, but the scripts rely on SAPCONET_TARGET (with a default [email protected]).
Instruction Scope
SKILL.md and scripts confine activity to SSH calls to the target host; there are no other network calls or local file reads. However, remote commands executed over SSH can run arbitrary work on the target host (the scripts currently contain placeholders). The SKILL.md warning to review remote placeholders is appropriate; users should verify remote commands before running.
Install Mechanism
No install spec (instruction-only) and only two bash scripts are included. Nothing will be downloaded or written by an installer — low install risk.
Credentials
The skill requests no declared credentials or env vars in the registry metadata, but runtime instructions and scripts require SAPCONET_TARGET (and in practice system SSH keys/agent or password access). This is proportionate to an SSH template but should be declared explicitly; the hard-coded default target IP/user is an unexplained element that the user must replace.
Persistence & Privilege
always is false, the skill does not request persistent or elevated platform privileges, and it does not modify other skills or global configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sapconet-ssh-bridge - 安装完成后,直接呼叫该 Skill 的名称或使用
/sapconet-ssh-bridge触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release
元数据
常见问题
SAPCONET SSH Bridge 是什么?
Standard SAPCONET SSH command templates for bird reads, Puppeteer runs, and inbox messaging workflows. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 472 次。
如何安装 SAPCONET SSH Bridge?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sapconet-ssh-bridge」即可一键安装,无需额外配置。
SAPCONET SSH Bridge 是免费的吗?
是的,SAPCONET SSH Bridge 完全免费(开源免费),可自由下载、安装和使用。
SAPCONET SSH Bridge 支持哪些平台?
SAPCONET SSH Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SAPCONET SSH Bridge?
由 Highlander89(@highlander89)开发并维护,当前版本 v0.1.0。
推荐 Skills