← 返回 Skills 市场
331
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install vps-command-runner
功能描述
Run commands across multiple VPS simultaneously. Execute SSH commands, deploy updates, check logs, and manage services across all your servers from one place...
安全使用建议
This skill will run arbitrary SSH commands on multiple servers, which fits its purpose, but it currently encourages insecure practices: it asks you to hardcode a username/password in the scripts, uses sshpass, and disables SSH host-key checking. Before installing or using it: (1) do not paste real passwords into these files — remove PASS and use SSH key auth or an SSH agent; (2) prefer key-based auth (ssh -i /path/to/key) and use ssh-copy-id to deploy keys; (3) re-enable host key checking or explicitly manage known_hosts to avoid MITM risk; (4) validate or install required binaries (ssh, sshpass if you insist, docker) and update the skill metadata to declare them; (5) inspect and run the scripts in a safe environment (non-production) first; (6) consider using established tools (Ansible, parallel-ssh) that handle credentials and auditing more securely. If you cannot or will not change the scripts to use keys and proper host verification, treat this skill as unsafe for production credentials or sensitive servers.
功能分析
Type: OpenClaw Skill
Name: vps-command-runner
Version: 1.0.0
The skill bundle provides scripts (run-all.sh, run.sh, status.sh) that facilitate remote command execution across multiple servers using sshpass with plaintext credentials and the 'StrictHostKeyChecking=no' flag. This implementation is highly insecure as it exposes passwords in the process list/files and bypasses SSH host identity verification, making the system vulnerable to Man-in-the-Middle attacks. While these are functional vulnerabilities rather than intentional malware, the high-risk nature of managing a VPS fleet with such insecure methods warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description: manage multiple VPS via SSH — matches the included scripts which run remote commands and check status. However the registry metadata declares no required binaries or credentials while the scripts rely on ssh, sshpass and docker being available and require a username/password. Omitting those requirements in metadata is an incoherence and reduces visibility for users.
Instruction Scope
SKILL.md and scripts instruct the user to insert USER and PASS directly into script files (plaintext credentials), use sshpass, and use '-o StrictHostKeyChecking=no' which suppresses host key verification. Scripts also read local system files (hostname, /proc/loadavg) and run docker commands locally and remotely — these are plausible for a health-check tool but the instructions give broad discretion and encourage insecure credential handling.
Install Mechanism
There is no install spec (instruction-only), which is low friction and expected for simple script bundles. However the scripts call sshpass, ssh and docker without declaring them; the skill does not provide guidance to install these tools or validate their presence. That's a usability and safety gap but not an explicit supply-chain risk.
Credentials
The skill requests that users place credentials (PASSWORD) directly into scripts rather than using declared environment variables, secrets, or SSH keys. No environment variables are declared in metadata despite the need for sensitive credentials — this is disproportionate and increases risk of accidental credential leakage.
Persistence & Privilege
always:false and user-invocable:true — the skill does not request permanent or privileged presence in the agent. It does not modify other skills or system-wide config. This aspect is appropriate.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vps-command-runner - 安装完成后,直接呼叫该 Skill 的名称或使用
/vps-command-runner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of VPS Command Runner.
- Run commands simultaneously across multiple VPS via SSH.
- Scripts for running commands on all or specific servers, status checks, and update deployments.
- Supports both password and SSH key authentication.
- Easily manage and monitor distributed services from one place.
元数据
常见问题
VPS Command Runner 是什么?
Run commands across multiple VPS simultaneously. Execute SSH commands, deploy updates, check logs, and manage services across all your servers from one place... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 331 次。
如何安装 VPS Command Runner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vps-command-runner」即可一键安装,无需额外配置。
VPS Command Runner 是免费的吗?
是的,VPS Command Runner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
VPS Command Runner 支持哪些平台?
VPS Command Runner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 VPS Command Runner?
由 chmikiro(@chmikiro)开发并维护,当前版本 v1.0.0。
推荐 Skills