sanjeevneo

Sparkey

Author: Neo · GitHub · v1.2.1 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 223
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install sparkey
Description
Provides time-limited, self-revoking SSH access for AI agents using certificate TTL, user expiry, forced command restrictions, and scheduled automated cleanup.
Security recommendations
This skill appears to do what it says: it creates short‑lived SSH sessions by generating keys/certificates, provisioning local helper accounts and cleanup jobs, then revoking them. However, it must be run as root and it creates a persistent CA private key on the operator host — if that key is compromised, attackers can mint certificates for any server trusting that CA. Before installing/using: (1) review the scripts line-by-line and test in a disposable VM; (2) run setup-ca.sh on a dedicated, hardened operator host (or HSM) and restrict access to /etc/ssh/agent_ca; (3) prefer dry-run mode and audit logs; (4) never run on a production host without approval — the scripts modify users, systemd/at jobs, and /usr/local; (5) require explicit human confirmation before any agent-initiated grant operation. If you are uncomfortable running root-level scripts supplied by an unknown source, do not install or run them.
Functional analysis
Type: OpenClaw Skill
Name: sparkey
Version: 1.2.1
The 'sparkey' skill bundle provides a robust framework for granting temporary, restricted SSH access to AI agents using a defense-in-depth approach (certificate TTL, OS account expiry, and a restricted dispatch shell). Analysis of scripts like grant-access.sh and the restricted shell logic shows intentional security controls, such as input sanitization against shell metacharacters, path traversal checks using readlink -f, and automated cleanup via at or systemd-run. The code is well-documented, lacks any evidence of data exfiltration or unauthorized persistence, and aligns perfectly with its stated purpose of providing auditable, time-boxed access.
Capability assessment
Purpose & Capability
Name/description (temporary, self-revoking SSH access) match the shipped assets: scripts to create a CA, generate keys/certificates, create short‑lived local agent_support_* accounts, schedule cleanup, and revoke sessions. Required binaries listed in SKILL.md (ssh-keygen, useradd/usermod/userdel, at/systemd-run, etc.) align with the stated purpose.
Instruction Scope
SKILL.md and scripts explicitly require running as root and perform system-wide operations: create/delete local accounts, write files to /etc/ssh and /usr/local/{bin,sbin}, schedule at/systemd jobs, and write to /var/log. Those actions are central to the stated purpose, but they are high-impact operations and must be run only on an operator host you control. The agent flow describes user consent before modifying targets, which helps but relies on correct operator behavior.
Install Mechanism
No external install/download URLs or package installs are embedded in the skill. The package is instruction-only with local scripts included; this is lower install risk than fetching remote archives. Dependencies are standard OS binaries documented in SKILL.md.
Credentials
The skill requests no environment variables or external credentials. It does create and persist a CA private key under /etc/ssh (documented as an operator-side persistent credential). That persistence is necessary for CA-based signing but is highly sensitive (see guidance).
Persistence & Privilege
The scripts require root and create persistent artifacts (CA private key in /etc/ssh, files under /usr/local, a log under /var/log). This is coherent with the purpose but grants significant local privilege while the CA key exists — compromising the CA would let an attacker mint valid certs for trusted targets. always:false (not force-installed) reduces risk; model invocation is allowed by default, which means an agent could attempt to run these steps, so operator consent and manual execution controls are important.
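How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install sparkey
  3. Once installed, invoke the Skill by name or trigger it with /sparkey
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history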
v1.2.1
- Added new script: scripts/audit.sh to the project.
- Incremented version to 1.0.2.
v1.0.1
- Switched license file from LICENSE.txt to LICENSE.md (no content change to license).
- Documentation updated for clarity: emphasizes that zero session artifacts (accounts, keys, certs, cleanup timers) remain after session ends or TTL expiry.
- Made security considerations explicit for CA private key persistence.
- No functional or behavioral changes to code.
v1.0.0
- Initial release of Sparkey: provides secure, time-limited SSH access for AI agents.
- Implements four-layer defense-in-depth: certificate TTL, OS account expiry, command-restricted dispatch, and automated cleanup.
- No credentials persist after session ends; all key material is destroyed post-use.
- Supports both key and CA-based SSH authentication with expiration and access control.
- Designed with crash safety and user oversight; integrates dead-man timers to auto-revoke access.
- Platform support and required toolchains clearly documented for fast adoption.
Metadata
Slug: sparkey
Version: 1.2.1
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 3
FAQ

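What is Sparkey?

Provides time-limited, self-revoking SSH access for AI agents using certificate TTL, user expiry, forced command restrictions, and scheduled automated cleanup. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 223 total downloads to date.

How do I install Sparkey?

Run the command "/install sparkey" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is Sparkey free?

Yes, Sparkey is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Sparkey support?

Sparkey runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Sparkey?

Developed and maintained by Neo (@sanjeevneo); the current version is v1.2.1.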
