← 返回 Skills 市场
230
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install server-audit
功能描述
Reads server hardware, Proxmox/Linux OS info, temperatures, SMART status, ECC errors, RAID, disks, network stats, services, and logs without making changes.
安全使用建议
This skill appears to genuinely perform a read-only server audit, but pay attention to three practical risks before installing/using it: (1) Credentials: the prompts expect root SSH access yet the skill declares no required credential fields — decide how you will supply SSH keys/passwords and avoid giving access to unknown agents. (2) Sensitive output persistence: the skill saves audit reports to a hard-coded local path (/DATA/local_database/…) which could be synced or accessible to others — ensure that path is secure or change it before use. (3) Scope & privacy: the commands collect logs and login history (journalctl, dmesg, lastb) which may contain secrets/PII; only run against hosts you control or have explicit permission to audit. Recommended actions: test on a non-production host first, require the human operator to supply the target and credentials at runtime, review and sanitize saved reports, and avoid enabling autonomous invocation for this skill unless you trust the environment and the skill owner (owner is unknown). If the platform supports it, ask the skill author to declare required credential inputs (SSH key or credential handle) and to make the save path configurable.
功能分析
Type: OpenClaw Skill
Name: server-audit
Version: 1.0.0
The skill is a comprehensive diagnostic tool for Linux and Proxmox servers that requires high-privilege 'root' SSH access to execute a wide array of system commands (e.g., smartctl, dmidecode, journalctl). While the instructions in SKILL.md and the reference files (linux-audit.md, proxmox-audit.md) are aligned with the stated purpose of a 'Server Audit' and include explicit 'read-only' rules, the broad access to sensitive system logs, hardware configurations, and network statistics constitutes a high-risk capability. Furthermore, it instructs the agent to save collected data to a specific local path (/DATA/local_database/), which could facilitate unauthorized data aggregation if the agent is misused.
能力评估
Purpose & Capability
Name/description (server hardware, SMART, ECC, RAID, logs, Proxmox) align with the commands and prompts in SKILL.md and the reference files — the commands shown are exactly what a read-only server audit would run.
Instruction Scope
Instructions are explicit about only reading state and provide many safe, read-only commands. They request sensitive data (journalctl, dmesg, last/lastb, smartctl output, dmidecode) which is expected for an audit but does mean the skill will collect potentially sensitive logs and user/login info. The skill also instructs the agent to save audit results into a local Obsidian-like path (/DATA/local_database/...), which goes beyond pure remote reading and introduces local persistence of potentially sensitive data.
Install Mechanism
No install spec or external downloads — instruction-only skill with no code files. Low install risk because nothing is fetched or written during installation.
Credentials
SKILL.md assumes the ability to ssh as root@HOST (and to run root-level commands like dmidecode, journalctl, ipmitool, storcli, smartctl) but the registry metadata declares no required credentials or auth mechanism. The skill does not declare how SSH credentials/keys are provided or whether private keys will be used. Hard-coded local save paths (/DATA/local_database/...) are also assumed without justification and may expose audit outputs to other systems if that path is synced/backed-up.
Persistence & Privilege
always:false (good). Skill does not install or claim persistent presence, but it explicitly instructs saving audit reports into a local vault path — this creates persistent local artifacts containing sensitive findings. The skill does not modify other skills or system-wide configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install server-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/server-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of server-audit skill.
- Provides read-only server audit procedures for Proxmox and Linux systems via SSH.
- Defines clear command blocks for checking hardware, OS, temperatures, SMART, RAID, memory errors, disks, network status, logs, and security.
- Ensures no destructive or modifying commands are run (audit is strictly read-only).
- Commands and audit steps are separated for Proxmox and regular Linux servers with a detection step.
- Output format for requests is standardized for copy-paste SSH execution.
元数据
常见问题
Server Audit 是什么?
Reads server hardware, Proxmox/Linux OS info, temperatures, SMART status, ECC errors, RAID, disks, network stats, services, and logs without making changes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 230 次。
如何安装 Server Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install server-audit」即可一键安装,无需额外配置。
Server Audit 是免费的吗?
是的,Server Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Server Audit 支持哪些平台?
Server Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Server Audit?
由 Sergey(@polumish)开发并维护,当前版本 v1.0.0。
推荐 Skills