VPS Health Auditor

Performs automated VPS health checks on CPU, memory, disk, network, and services, generating detailed Ollama-powered reports with recommendations.

This skill is basically a simple SSH-based healthcheck script but has packaging and documentation gaps you should address before using it on real servers. Actions to consider before installing or running: 1) Ask the author for the missing report/template and for concrete instructions showing how Ollama is called and where reports are stored or transmitted. 2) Confirm required tooling (ssh, systemctl, top, df, free, ip/ifconfig) are declared. 3) Never provide your long-term private key to a third-party agent; prefer using a temporary key or running the script yourself locally and pasting non-sensitive output. 4) Remove or justify -o StrictHostKeyChecking=no to avoid MITM risk, and prefer verifying host keys. 5) Test on a non-production server first. 6) If you plan to let the agent run autonomously, be aware it could use any credentials you give it to access servers — only grant least privilege and short-lived credentials. If the author cannot explain the missing Ollama integration and the absent template, treat the package as incomplete and avoid handing over secrets.

Type: OpenClaw Skill Name: vps-health-auditor Version: 1.0.0 The skill bundle's `scripts/healthcheck.sh` executes diagnostic commands on a remote server via SSH. It is classified as 'suspicious' due to two key vulnerabilities: 1) It uses `-o StrictHostKeyChecking=no`, which disables host key verification and makes the SSH connection vulnerable to Man-in-the-Middle attacks. 2) The script directly interpolates user-provided variables (`$HOST`, `$USER`, `$KEY`) into the `ssh` command without sanitization, creating a potential shell injection vulnerability if the OpenClaw agent does not adequately sanitize these inputs before passing them to the script. There is no evidence of intentional malicious behavior like data exfiltration or persistence.