← 返回 Skills 市场
361
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ssh-server
功能描述
SSH remote connection and operation for servers (Linux/Unix cloud servers, etc.)
安全使用建议
Do not trust or run the Python helper commands until you inspect the code. The skill references a local script (D:\openClaw\openclaw\config\ssh_config.py and config/ssh_config.py) and a local storage file (servers.json) but does not include that script — verify what that script does, how it encrypts passwords, and where encryption keys are stored. Avoid using StrictHostKeyChecking=no (it disables host key verification and risks MITM). Prefer SSH keys over passwords. If you plan to let the agent run SSH commands, ensure you trust the skill owner and understand how credentials will be provided and protected; if you cannot inspect the helper script, treat this skill as untrusted and do not store secrets for it.
功能分析
Type: OpenClaw Skill
Name: ssh-server
Version: 1.0.0
The skill bundle relies on an external Python script (ssh_config.py) located at a hardcoded absolute path (D:\openClaw\openclaw\config\ssh_config.py) that is not included in the package. This script is responsible for handling and 'encrypting' sensitive server credentials, making its actual security behavior unverifiable. Additionally, the instructions in SKILL.md suggest using 'StrictHostKeyChecking=no', which disables a fundamental SSH security mechanism and exposes the user to Man-in-the-Middle (MITM) attacks.
能力评估
Purpose & Capability
The name and description (remote SSH management) match the commands and operations described (ssh, ssh-keygen, systemctl, docker, journalctl). However the SKILL.md repeatedly instructs use of a local Python helper (D:\openClaw\openclaw\config\ssh_config.py or python config/ssh_config.py) and a local config path (D:\openClaw\openclaw\config\servers.json) even though no code files for that helper are included in the skill and the registry metadata lists no required binaries. That dependency on a local, non-provided script is inconsistent with an instruction-only skill and could confuse users or hide where secrets are stored.
Instruction Scope
Instructions tell the user/agent to store encrypted passwords locally at a specific path and to run a non-included Python script to add/connect servers. The doc also recommends ssh -o StrictHostKeyChecking=no (disables host key verification), which weakens security and can enable MITM attacks. The skill claims passwords are 'encrypted and stored locally' but provides no details or code to verify encryption, key management, or where the encryption keys are kept. The agent is instructed to prompt the user to run local commands and to connect using stored credentials; these behaviors require trust in the missing local script.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes direct installation risk. However, the instructions assume the existence of a local Python helper script that is not part of the package (a potential gap but not an installer risk).
Credentials
The skill requires no environment variables or external credentials in its registry metadata, which is consistent with an instruction-only SSH helper. However it asks users to store encrypted passwords locally in a specific file path and to run a local Python script to manage them; requiring storage of sensitive credentials is reasonable for an SSH helper but is disproportionate here because the skill does not provide or document the code that performs encryption, nor explain key management. That lack of transparency around secret handling is a red flag.
Persistence & Privilege
always is false (normal). The SKILL.md header includes requires: ["ssh"] and allowed-tools: Bash(ssh:*), implying the agent may be permitted to run ssh commands; the registry's top-level requirements list no required binaries, creating a small mismatch. Autonomous invocation is allowed by default — combined with the agent's ability to run ssh, this increases impact if the agent gets credentials or if the missing local helper is present on disk. This is not inherently malicious but worth noting before enabling autonomous runs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ssh-server - 安装完成后,直接呼叫该 Skill 的名称或使用
/ssh-server触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
SSH Server 是什么?
SSH remote connection and operation for servers (Linux/Unix cloud servers, etc.). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 361 次。
如何安装 SSH Server?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ssh-server」即可一键安装,无需额外配置。
SSH Server 是免费的吗?
是的,SSH Server 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SSH Server 支持哪些平台?
SSH Server 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SSH Server?
由 XingFaLin(@xingfalin)开发并维护,当前版本 v1.0.0。
推荐 Skills