← Back to Skills Marketplace
rauto-usage
by
demohiiiii
· GitHub ↗
· v0.2.3
· MIT-0
294
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install rauto-usage
Description
Execute rauto directly for the user: run device commands, template execution, tx block, tx workflow, multi-device orchestration, replay, backup/restore, and...
Usage Guidance
This skill appears to be what it says — a playbook for running the 'rauto' CLI and guiding the agent to execute operations (including multi-device orchestration and backup/restore). Before installing or enabling it, consider the following: 1) The SKILL.md assumes a local 'rauto' binary and access to ~/.rauto (saved connections, records, backups), but the metadata does not declare the rauto binary or config-path access; confirm the runtime environment actually has the rauto CLI and inspect where saved connections/backups live. 2) Saved connections or the --save-password flow can hold plaintext or locally stored credentials — avoid instructing the agent to save passwords, and prefer providing per-operation credentials explicitly when needed. 3) Rely on dry-run (--dry-run) and the skill's required confirmation for destructive actions; do not give blanket permission to run replace/restore or broad orchestrations without human review. 4) If you are not comfortable with an agent that can execute local CLI commands against your devices, do not enable autonomous invocation; require manual confirmation for any change actions and review any proposed tx/workflow/orchestrate plans before allowing execution. 5) If you need higher assurance, ask the skill author for a source/homepage and for the metadata to explicitly declare the required 'rauto' binary and any config paths it will read.
Capability Analysis
Type: OpenClaw Skill
Name: rauto-usage
Version: 0.2.3
The `rauto-usage` skill bundle provides an AI agent with powerful network automation capabilities via the `rauto` CLI, including remote command execution (`rauto exec`), multi-device orchestration, and local file system management for backups and templates. While the instructions in `SKILL.md` and `references/agent-execution.md` include safety guardrails like confirmation for destructive actions, the bundle inherently possesses high-risk capabilities such as the ability to restore and replace system-wide backups (`rauto backup restore --replace`) and start a local web server (`rauto web`). These features, while aligned with the tool's stated purpose, constitute a significant attack surface for potential abuse or prompt injection without evidence of direct malicious intent.
Capability Assessment
Purpose & Capability
The skill's stated purpose is to execute rauto operations and the SKILL.md and reference files are tightly focused on running rauto CLI commands, tx/workflow/orchestrate flows, backups, and saved connections. That purpose aligns with the content. However, the metadata declares no required binaries or config paths even though the instructions assume a local 'rauto' CLI and access to runtime paths (e.g., ~/.rauto). The absence of a required-binary declaration is an inconsistency (could be an oversight) and the source/homepage are unknown.
Instruction Scope
The runtime instructions explicitly direct the agent to execute arbitrary rauto commands (including config-changing commands, orchestrations, and backup/restore) and to read/use saved connections, record files, backups, and templates. The references name exact filesystem locations (~/.rauto/*) and suggest using saved connections and potentially saved passwords. While the skill mandates confirmation for many destructive actions, it also directs 'Do not ask the user to manually run commands if agent can run them' and will execute read-only commands immediately and change commands when explicitly requested. This means the agent may read local files that can contain credentials and then execute commands that affect network devices. The instructions do not limit the agent from reading local saved connection files or backups when present.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — the lowest-risk install footprint. Nothing will be downloaded or written by an installer. The primary runtime risk comes from the agent executing local commands described in the documentation, not from any bundled code.
Credentials
The skill declares no required environment variables or primary credential, which is consistent with being instruction-only. However, the instructions rely on user-supplied credentials or saved connections stored under ~/.rauto (connection files, saved passwords, backups, records). That means the agent may request or read secrets from local saved-connection files or ask the user to enter credentials. The metadata does not call out access to those local config paths, which is a proportionality mismatch: the skill will operate on sensitive data but didn't declare config access explicitly.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (the platform default). Autonomous invocation combined with the ability to execute CLI commands increases the impact radius if the agent is allowed to act without explicit human confirmation. The skill itself requires confirmation for many destructive actions, which mitigates but does not remove the risk — this is a design choice rather than a secret privilege escalation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install rauto-usage - After installation, invoke the skill by name or use
/rauto-usage - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.3
- Refined execution and safety rules, focusing on direct operation and rollback-aware planning.
- Removed install/upgrade implementation and instructions from core logic and references.
- Added orchestration risk review reference (references/orchestration-risk-check.md); removed install reference.
- Unified missing input prompts and clarified command execution order and confirmation policies.
- Improved criteria for destructive actions and introduced pre-flight review step for orchestration.
v0.2.2
- Refined agent behavior to prioritize direct execution of rauto operations over tutorial-style guidance.
- Added explicit classification and handling for install/setup, read-only, and config-changing requests.
- Implemented risk guardrails, requiring user confirmation for destructive actions and ambiguous upgrade/reinstall requests.
- Improved decision-making for install paths, favoring GitHub Releases binaries by default and only using source builds on explicit user request.
- Enhanced summary and response format, returning only key results after execution, along with exact commands run and follow-up notes.
- Clarified agent's input collection strategy, now prompting only for must-have missing information per action type.
Metadata
Frequently Asked Questions
What is rauto-usage?
Execute rauto directly for the user: run device commands, template execution, tx block, tx workflow, multi-device orchestration, replay, backup/restore, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 294 downloads so far.
How do I install rauto-usage?
Run "/install rauto-usage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is rauto-usage free?
Yes, rauto-usage is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does rauto-usage support?
rauto-usage is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created rauto-usage?
It is built and maintained by demohiiiii (@demohiiiii); the current version is v0.2.3.
More Skills