yxieca

SONiC KVM Testbed

Author: Ying Xie · GitHub · v1.2.0
cross-platform ⚠ suspicious
Total downloads: 554
Favorites: 2
Current installs: 0
Versions: 4
Install in OpenClaw
/install sonic-kvm-testbed
Description
Deploy and manage a SONiC sonic-mgmt KVM virtual testbed with cEOS neighbors for running pytest-based network tests. Use when setting up a local KVM testbed,...
Security usage advice
This instruction-only skill appears coherent for building a SONiC KVM testbed, but it recommends several insecure or high-privilege actions. Before using it:
  1. Run the whole procedure inside an isolated VM or disposable host to avoid weakening a production machine.
  2. Replace example passwords ('password', 'abc') and the practice of storing them in plaintext with stronger passwords and secure vaulting.
  3. Avoid chmod 666 on /var/run/docker.sock — prefer adding the service account to the docker group or use limited sudo rules.
  4. Prefer narrowly-scoped sudoers entries instead of NOPASSWD ALL.
  5. Avoid sshpass/plaintext password files where possible; use SSH keys or an encrypted vault.
  6. Verify any images/tarballs (cEOS, sonic-vs) come from trusted sources and confirm the github repo/PR mentioned is authentic.
  7. Review and restrict any fix scripts (fix-configs.sh) before running; they modify ansible group_vars and can overwrite secrets.
If you cannot run in an isolated environment, treat this skill as risky and consider manual, hardened steps instead.
Functional analysis
Type: OpenClaw Skill
Name: sonic-kvm-testbed
Version: 1.2.0

The skill bundle is designed to deploy a complex virtual network testbed, which inherently requires significant system access. However, it contains several critical security vulnerabilities: it instructs the agent to create users with hardcoded passwords and passwordless sudo access on the virtual DUT, and most critically, to set the Docker socket to world-writable (`sudo chmod 666 /var/run/docker.sock`) on the DUT. This last action allows any user or process to gain root privileges via Docker. While these actions are plausibly intended for automation and convenience within an isolated testbed, they represent severe security anti-patterns and vulnerabilities (not malicious intent) that could be exploited, making the bundle suspicious. These issues are present across `SKILL.md`, `references/credentials.md`, and `references/troubleshooting.md`.
Capability assessment
Purpose & Capability
SKILL name/description (SONiC KVM testbed) aligns with the actions in SKILL.md: cloning sonic-mgmt, preparing sonic-vs and cEOS images, running testbed-cli.sh, setting up bridges, and running pytest. No unrelated cloud credentials or external services are requested.
Instruction Scope
Runtime instructions directly perform system-level operations: setup management bridge, modprobe/qemu-nbd mounting of images, docker imports/pulls, and run various ansible/testbed scripts. They also instruct creating users on DUTs, adding NOPASSWD sudoers entries, using sshpass with plaintext password files, and running `chmod 666 /var/run/docker.sock` — operations that expand scope to modifying host and DUT security posture and persistently weaken privileges.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or executed by the skill package itself. This minimizes supply-chain/install risk, but the instructions will cause host changes when followed.
Credentials
The skill declares no required env vars or external credentials, which is appropriate, but the included references/scripts create and rely on many plaintext credentials and insecure defaults (passwords like 'password' and 'abc' in files, `group_vars/*` containing secrets, sshpass usage). It also recommends global privilege relaxations (NOPASSWD sudo entries, chmod 666 on docker socket) that are disproportionate unless run in an isolated test environment.
Persistence & Privilege
The skill is not force-included (always: false) and doesn't request platform-level persistence, but the documented steps create persistent artifacts (password.txt, modified ansible group_vars, changed sudoers entries, netplan file for br1) that alter system/DUT configuration across reboots. These persistent changes have real security implications and should be intentionally controlled.
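How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install sonic-kvm-testbed
  3. After installation, invoke the Skill by name or trigger it with /sonic-kvm-testbed
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history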
v1.2.0
Supersedes 1.1.0 - includes VS image update procedures, kickstart troubleshooting, credential docs, and latest fixes
v1.0.1
Re-publish
v1.1.0
Add VS image update procedure, kickstart troubleshooting, CI vs local build credential docs
v1.0.0
Initial release of sonic-kvm-testbed for deploying and managing a local SONiC kvm-based virtual testbed.
- Provides step-by-step instructions to deploy SONiC testbeds with cEOS and PTF containers for pytest-based network testing.
- Supports T0 and T1-LAG topologies, with multi-VRF convergence and reduced cEOS container count using `use_converged_peers: true`.
- Includes critical configuration file guidance, prerequisites, and post-deployment steps.
- Documents key troubleshooting tips and common pitfalls for stable testbed operation.
- Intended for users setting up, redeploying, or troubleshooting local virtual SONiC environments.
Metadata
Slug sonic-kvm-testbed
Version 1.2.0
License
Total installs 0
Current installs 0
Historical versions 4
FAQ

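What is SONiC KVM Testbed?

Deploy and manage a SONiC sonic-mgmt KVM virtual testbed with cEOS neighbors for running pytest-based network tests. Use when setting up a local KVM testbed,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 554 total downloads so far.

How do I install SONiC KVM Testbed?

Run the command "/install sonic-kvm-testbed" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is SONiC KVM Testbed free?

Yes, SONiC KVM Testbed is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does SONiC KVM Testbed support?

SONiC KVM Testbed runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed SONiC KVM Testbed?

Developed and maintained by Ying Xie (@yxieca); the current version is v1.2.0.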
