← 返回 Skills 市场
808
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install server-maintenance
功能描述
Automates server maintenance by checking disk usage, cleaning caches, optimizing resources, and supporting local and remote multi-server batch operations.
安全使用建议
This skill largely implements its stated maintenance tasks, but has a few red flags you should address before running it on production systems:
1) Inspect and edit servers.json and maintain-all.sh: both contain hard-coded remote IPs. Remove or replace them with only servers you control. The bundled maintain-all.sh currently will attempt SSH to those addresses.
2) Root SSH & host-key checking: scripts use ssh root@host and maintain-all.sh sets StrictHostKeyChecking=no. That bypasses host authenticity checks; change this and avoid automatic root access unless you intentionally want it. Prefer connecting as a non-root user with sudo where possible.
3) Verify backup behavior: SKILL.md claims automatic backups of key configs, but the scripts do not perform backups. Add an explicit backup step (and test it) before any destructive operations.
4) Use dry-run and test in an isolated environment: cleanup.sh has a dry-run mode — use it first. Test everything on a disposable VM to confirm effects before running on production.
5) Code review: the scripts run rm -rf on cached directories and perform remote commands. Read and understand each command, and lock down who/what can invoke the skill (do not enable autonomous scheduled runs until you trust it).
6) Source verification: the skill's source is 'unknown' and the package.json points to a GitHub repo — if you plan to use this, verify the upstream repository and its history.
If you want, I can produce a hardened version of these scripts that:
- reads servers from a user-managed config and refuses to run against unknown hosts,
- enforces StrictHostKeyChecking and key-based auth only,
- performs safe backups before changes,
- runs cleanup actions under a non-root account with sudo prompts.
Confidence: high — the scripts are readable and the risky elements (hard-coded IPs, root SSH, disabled host-key checking, missing backups) are concrete and observable.
功能分析
Type: OpenClaw Skill
Name: server-maintenance
Version: 1.0.0
The skill's stated purpose is legitimate server maintenance. However, it is classified as suspicious due to critical security vulnerabilities. The `maintain-all.sh` script explicitly disables `StrictHostKeyChecking` for SSH connections, making it highly vulnerable to Man-in-the-Middle attacks and potential remote code execution on the target servers (e.g., `43.163.225.27`, `43.167.192.145`). Furthermore, `check.sh`, `cleanup.sh`, and `maintain-all.sh` use `root` SSH access and lack robust input sanitization for the `SERVER_HOST` argument, posing a shell injection risk if the agent's input is compromised.
能力评估
Purpose & Capability
The scripts (check.sh, cleanup.sh, maintain-all.sh) implement disk checks, cache cleanup and multi-server SSH operations that match the described purpose. Minor inconsistency: registry metadata lists no required binaries, but SKILL.md lists dependencies (bash, ssh, du, df, npm). Functionality generally aligns with the stated purpose.
Instruction Scope
The runtime instructions and scripts will operate as root (ssh root@host and inspect /root), run remote commands, and remove cached directories. The SKILL.md promises safety measures (backups, only cleaning safe caches, dry-run) but the scripts do not implement a pre-operation backup step and only partially implement dry-run behavior. maintain-all.sh directly attempts SSH to hard-coded IPs; check.sh and cleanup.sh inspect /root and other privileged locations. These behaviors expand scope to high-privilege host-level operations.
Install Mechanism
No install spec (instruction-only skill with bundled scripts). Nothing is downloaded or executed from external URLs during install — lower install-time risk. The presence of local script files means code will run on the host when invoked.
Credentials
No environment variables or credentials are declared, but the scripts require SSH access as root to remote hosts. The skill ships with a servers.json and maintain-all.sh hard-coded with external IP addresses (43.163.225.27 and 43.167.192.145). maintain-all.sh disables StrictHostKeyChecking (ssh -o StrictHostKeyChecking=no) which weakens host authenticity checks. Asking for root SSH access and embedding remote IPs without clearly asking the user to confirm them is disproportionate and risky.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent platform privileges or modify other skills. Autonomous invocation is allowed (default), which is normal — combine that with the high-privilege SSH actions in other dimensions when deciding whether to enable autonomous runs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install server-maintenance - 安装完成后,直接呼叫该 Skill 的名称或使用
/server-maintenance触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of automated server maintenance skill:
- Automates disk usage checks, cache cleanup, and system optimization.
- Supports batch operations across multiple servers via SSH.
- Provides clear maintenance reports, including before/after disk usage and total space freed.
- Offers safe defaults: only known cache is cleaned, config backups, and dry-run mode.
- Easy integration with OpenClaw scheduling and supports flexible configuration.
元数据
常见问题
Server Maintenance 是什么?
Automates server maintenance by checking disk usage, cleaning caches, optimizing resources, and supporting local and remote multi-server batch operations. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 808 次。
如何安装 Server Maintenance?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install server-maintenance」即可一键安装,无需额外配置。
Server Maintenance 是免费的吗?
是的,Server Maintenance 完全免费(开源免费),可自由下载、安装和使用。
Server Maintenance 支持哪些平台?
Server Maintenance 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Server Maintenance?
由 2233admin(@2233admin)开发并维护,当前版本 v1.0.0。
推荐 Skills