← Back to Skills Marketplace
alltomatos

Setup Automatik

by alltomatos · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1936
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install setup-automatik
Description
Facilitate the installation and management of VPS solutions using the Setup Automatik engine (powered by Orion Design). Use when the user wants to install, configure, or manage tools like Traefik, Portainer, Chatwoot, N8N, and other open-source applications on a Linux VPS.
Usage Guidance
This skill appears to be a legitimate VPS installer bundle, but treat it like running any third-party installer script: do not paste SSH private keys or root passwords into chat. Prefer the OpenClaw node-pairing flow (recommended) rather than sending credentials. Before running anything, manually review the full assets/SetupOrion.sh script (search for curl/wget/git/ssh/netcat, remote URLs, or commands creating users and SSH keys). If you must run it, (1) test on an isolated disposable VPS or VM, (2) create a temporary unprivileged user or restrict credentials (least privilege), (3) avoid sharing private keys in the chat — instead use a secure pairing or ephemeral credential, and (4) consider running the script interactively yourself after inspection rather than giving the agent autonomous access. If you want, provide the full SetupOrion.sh for a focused review of any network calls or potentially dangerous commands — that would raise or lower confidence in this assessment.
Capability Analysis
Type: OpenClaw Skill Name: setup-automatik Version: 1.0.0 The skill is classified as suspicious primarily due to the explicit instructions in `SKILL.md` for the agent to request and handle highly sensitive user credentials, specifically SSH private keys or root passwords for VPS access. While the stated purpose is legitimate VPS management, this method of acquiring and handling such critical credentials creates a severe security vulnerability and a significant attack surface. The absence of the `assets/SetupOrion.sh` script, which is described as the 'main installation script,' prevents a full assessment of the actual commands executed, but the credential handling alone is a high-risk design choice.
Capability Assessment
Purpose & Capability
The name/description (VPS installer for Traefik, Portainer, N8N, etc.) align with the included assets: a tool list, a Python helper to list tools, and a large SetupOrion.sh installer. The large embedded installer and references to deploying via Portainer are coherent with the stated purpose. The presence of functions that interact with Portainer (and prompt for Portainer credentials) is expected for some automated deployments.
Instruction Scope
The SKILL.md explicitly instructs users to provide either an OpenClaw node pairing code via chat or full SSH access (IP, username, password or private key). Asking users to paste SSH private keys or passwords into chat is high-risk. The skill also says it will extract and execute blocks from the supplied SetupOrion.sh or run the script non-interactively — meaning it can run arbitrary commands on the VPS. The SKILL.md also contains unicode-control-chars (prompt-injection) signals, which is suspicious because it may be trying to manipulate evaluation or the agent's behavior.
Install Mechanism
There is no formal install spec (instruction-only), but the bundle includes a ~1.2 MB SetupOrion.sh script that will be executed by the agent/installer. Large bundled installers are not inherently malicious, but they increase risk because they execute many operations and often fetch additional resources from the network. The script references the project site and likely performs network operations; the reviewer should inspect the full script for remote downloads (curl/wget/git), subprocess execution, or telemetry calls before execution.
Credentials
The skill declares no required env vars, which is consistent, but its runtime instructions ask users for highly sensitive credentials (SSH password or private key and optionally Portainer credentials). These are functionally required to perform remote installs, but they must not be pasted into chat. Requesting Portainer credentials to perform API deploys is plausible, but the skill gives no guidance on scoping these credentials (temporary user, limited privileges).
Persistence & Privilege
The skill does not request 'always: true' and has no declared config-path or system-wide changes in the metadata; that is appropriate. The embedded script writes data under $HOME/dados_vps and may modify system packages/services as part of installations (expected for an installer). The default ability for the agent to invoke the skill autonomously (disable-model-invocation=false) combined with the credential requirements increases the potential blast radius, so enable careful operational controls (explicit user confirmation) if you allow autonomous runs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install setup-automatik
  3. After installation, invoke the skill by name or use /setup-automatik
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the setup-automatik skill. - Enables installation and management of open-source applications (e.g., Traefik, Portainer, Chatwoot, N8N) on Linux VPS using the Setup Automatik engine. - Supports automated deployments via the SetupOrion.sh script. - Provides two secure access options for VPS management: OpenClaw node pairing (recommended) and SSH credentials. - Includes clear workflow steps from preparation to verification of installations. - Offers quick-start instructions for common deployments, such as Traefik, Portainer, and app stacks. - Part of the Mundo Automatik ecosystem, with community and documentation links provided.
Metadata
Slug setup-automatik
Version 1.0.0
License
All-time Installs 1
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Setup Automatik?

Facilitate the installation and management of VPS solutions using the Setup Automatik engine (powered by Orion Design). Use when the user wants to install, configure, or manage tools like Traefik, Portainer, Chatwoot, N8N, and other open-source applications on a Linux VPS. It is an AI Agent Skill for Claude Code / OpenClaw, with 1936 downloads so far.

How do I install Setup Automatik?

Run "/install setup-automatik" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Setup Automatik free?

Yes, Setup Automatik is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Setup Automatik support?

Setup Automatik is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Setup Automatik?

It is built and maintained by alltomatos (@alltomatos); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments