← 返回 Skills 市场
244
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install tonic-vm-check
功能描述
🖥️ Instant VM health checks — no config needed after first run. Point it at any Docker-based Linux server and get a clean report covering CPU, memory, disk,...
安全使用建议
This skill appears to do what it says, but take these precautions before installing/using it:
- Do not store private key material in project files. The skill saves the SSH key path to TOOLS.md; avoid writing actual private keys and consider not storing the path in a repo (add TOOLS.md to .gitignore or keep credentials out of the workspace). Prefer passing VM_HOST/VM_USER/SSH_KEY as environment variables at runtime.
- Host-key verification is disabled (ssh -o StrictHostKeyChecking=no). That avoids interactive prompts but increases MITM risk — consider verifying host keys manually or removing the option.
- The cleanup section runs docker image prune -af and docker builder prune -f automatically; these can free space but are destructive to unused images/cache. The SKILL.md warns about not running docker system prune -af, but still confirm before running cleanup on production systems.
- The script suppresses stderr (2>/dev/null) in many remote commands which can hide errors. If something looks wrong, run the underlying commands manually on the host to inspect full output.
- The DB size checks attempt to connect without credentials (root with empty password); if your containers require credentials, the script will note that and skip — but do not add credentials to TOOLS.md in plaintext.
- Review the included script (scripts/vm-check.sh) yourself before running and test in a safe environment. If you need stronger safeguards, modify the script to enforce host-key checking, avoid writing connection info to disk, and require explicit confirmation before any pruning operations.
功能分析
Type: OpenClaw Skill
Name: tonic-vm-check
Version: 1.0.2
The skill is classified as suspicious due to potential command injection vulnerabilities and insecure handling of sensitive credentials. The script `scripts/vm-check.sh` constructs shell commands using unsanitized environment variables (`VM_HOST`, `VM_USER`, `SSH_KEY`), which could allow for local command execution if the agent is provided with malicious input. Additionally, `SKILL.md` instructs the agent to store sensitive SSH private key paths in `TOOLS.md`, and the script explicitly disables SSH host key verification (`StrictHostKeyChecking=no`), increasing the risk of man-in-the-middle attacks.
能力评估
Purpose & Capability
The name/description match the implementation: the script SSHes to a Docker-based VM and gathers system, Docker, and DB metrics and can prune images/build cache. No unrelated credentials or services are requested.
Instruction Scope
SKILL.md instructs the agent to read and append VM_HOST, VM_USER, and SSH_KEY (path) to TOOLS.md in the workspace. Persisting VM connection details in a project file is a design choice but can leak hostnames and key paths; the script then performs remote docker/mysql/psql commands and may run destructive cleanup when 'cleanup' is selected. The instructions suppress stderr in several places which can hide errors.
Install Mechanism
No install spec; this is instruction-only with a single included bash script. Nothing is downloaded or written to disk by an installer step beyond the requested TOOLS.md edit.
Credentials
The skill declares no required env vars but expects VM_HOST, VM_USER, and SSH_KEY at runtime (and asks to save them to TOOLS.md). Those variables are expected for SSH-based checks; however storing the SSH_KEY path in a workspace file and relying on an on-disk private key has privacy implications. The script uses ssh -i <key> so the private key file will be used by the SSH client (expected for SSH access).
Persistence & Privilege
always:false and normal invocation. The only persistent behavior is appending connection info to TOOLS.md (the skill does not modify other skills or global agent settings). Persisting host/key info in a repository/workspace file is potentially sensitive and should be managed (e.g., .gitignore or avoid storing key paths).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tonic-vm-check - 安装完成后,直接呼叫该 Skill 的名称或使用
/tonic-vm-check触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Improved ClawHub description — clearer use cases and trigger phrases
v1.0.1
Auto-configure VM details: reads from TOOLS.md, prompts user once if missing, saves for future use
v1.0.0
Initial release: Docker VM health check via SSH — system, containers, DB sizes, disk, cleanup
元数据
常见问题
VM Health Check 是什么?
🖥️ Instant VM health checks — no config needed after first run. Point it at any Docker-based Linux server and get a clean report covering CPU, memory, disk,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 244 次。
如何安装 VM Health Check?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tonic-vm-check」即可一键安装,无需额外配置。
VM Health Check 是免费的吗?
是的,VM Health Check 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
VM Health Check 支持哪些平台?
VM Health Check 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 VM Health Check?
由 tonylnng(@tonylnng)开发并维护,当前版本 v1.0.2。
推荐 Skills