SSH Handoff
Author: Jonathan97480 · GitHub · v1.0.1 · MIT-0
Total downloads: 116
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install ssh-handoff
Description
Create and reuse a secure shared terminal handoff when a human must authenticate first and the agent must resume work in the same shell session afterward. Us...
Security recommendations
This skill appears to implement what it says, but take these precautions before using it:
- Verify provenance: the package has no homepage and an unknown source; review all included scripts yourself before running.
- Ensure required binaries (tmux, ttyd, node, python3) are installed from trusted packages; the registry metadata does not list them even though SKILL.md and scripts require them.
- Never bind the proxy to a public interface or 0.0.0.0 unless you explicitly accept the risk; prefer 127.0.0.1 or a restricted LAN address.
- When using LAN mode set EXPECTED_HOST/EXPECTED_ORIGIN and/or CLIENT_IP to restrict access, and apply firewall rules (UFW_ALLOW_CMD shown by the launcher).
- Treat the one-shot URL/token as sensitive and deliver it to the human out-of-band (not via public chat).
- Confirm the tmux pane state with tmux capture-pane before the agent issues any commands.
- Run the scripts in a controlled environment (non-production host or with a retained snapshot) until you’ve audited them.
If you want higher confidence, ask the publisher for source provenance or a signed release, or run the scripts in an isolated test VM to observe behavior before using on important hosts.
Functional analysis
Type: OpenClaw Skill
Name: ssh-handoff
Version: 1.0.1
The skill provides a mechanism for an AI agent to resume work in a terminal session after a human has performed sensitive authentication, using tmux and ttyd. It includes a Node.js proxy (scripts/url-token-proxy.js) and launchers (scripts/start-url-token-web-terminal.sh) that implement security features such as one-shot URL tokens, IP-based access filtering, Host/Origin header validation, and automatic TTL-based cleanup. While the code is well-documented and includes defensive instructions for the agent in SKILL.md, the core functionality of exposing a shell session via a web interface (even if restricted to localhost or LAN) is an inherently high-risk capability. Per the analysis criteria, such risky capabilities are classified as suspicious even when they align with the stated purpose and lack evidence of malicious intent.
Capability assessment
Purpose & Capability
The skill's name and description match the included scripts and instructions: it needs tmux, ttyd, node, and python3 to implement local/LAN web terminals that hand off a tmux session. However, the registry metadata lists no required binaries or env vars while SKILL.md and the scripts clearly require several runtime binaries and read multiple environment variables — that metadata mismatch is an inconsistency you should verify before install.
Instruction Scope
SKILL.md limits actions to creating/attaching tmux sessions, launching the bundled launchers, capturing the pane, and printing connection/cleanup info. The instructions explicitly warn against public exposure, prompt to verify pane state before continuing, and do not instruct reading unrelated files or exfiltrating secrets.
Install Mechanism
There is no install spec (instruction-only at registry level) and the code files are bundled with the skill. No remote downloads or extract-from-URL steps appear in the package, which reduces installation risk. The included scripts spawn background processes and write to /tmp and a temporary runtime dir — expected for this functionality.
Credentials
The registry declares no required env vars or credentials, but the scripts rely on many runtime environment variables (HOST, PORT, CLIENT_IP, TTL_MINUTES, EXPECTED_HOST/ORIGIN, COOKIE_SECURE, ACCESS_TOKEN via internally generated values, etc.). None are secret credentials for external services, but the metadata omission is a proportionality/information gap you should confirm.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It spawns ephemeral background processes (ttyd, Node proxy), writes temp state files, and installs a TTL-based cleanup — behavior is scoped to its purpose and documented. Be aware these processes bind network ports and remain until TTL expiry or cleanup.
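How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install ssh-handoff
- Once installation completes, invoke the Skill by name or trigger it with /ssh-handoff
- Provide the required inputs according to the Skill's parameter description to get structured output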
Version history
v1.0.1
Initial public release of ssh-handoff
Added human-auth-first terminal handoff workflow using tmux
Added plain tmux handoff mode
Added local browser terminal mode using ttyd
Added LAN-restricted browser terminal mode with one-shot token proxy
Added TTL-based automatic cleanup for temporary processes and runtime files
Added session cookie flow and one-shot token URL handling
Added optional trusted client IP restriction for LAN access
Added expected Host and websocket Origin checks in the proxy
Added FORBID_REUSE_IF_AUTHENTICATED safeguard
Added explicit approval flow before replacing an existing live session
Added conflict handling for existing sessions and occupied ports
Added stronger security documentation and external-channel guardrails
Added publication cleanup for generic examples and repository documentation
v1.0.0
ssh-handoff 1.0.0
- Initial release.
- Provides secure terminal handoff using shared tmux sessions, supporting scripted and browser-based workflows.
- Three modes: plain tmux handoff, local browser terminal (via ttyd), and LAN-restricted browser terminal with one-shot tokens.
- Includes bundled launcher scripts for each workflow and detailed environment variable support for configuration.
- Emphasizes local/LAN-only exposure, avoids credential sharing in chat, and enforces short-lived, single-use access for browser modes.
- Includes robust guardrails, usage examples, cleanup instructions, and pane state capture to ensure session integrity and security.
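FAQ
What is SSH Handoff?
Create and reuse a secure shared terminal handoff when a human must authenticate first and the agent must resume work in the same shell session afterward. Us... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 116 cumulative downloads so far.
How do I install SSH Handoff?
Run the command "/install ssh-handoff" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.
Is SSH Handoff free?
Yes, SSH Handoff is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does SSH Handoff support?
SSH Handoff is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed SSH Handoff?
It is developed and maintained by Jonathan97480 (@jonathan97480); the current version is v1.0.1.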