Ssh Deploy Skill
v1.2.2Universal SSH remote deployment tool - multi-server management, batch deployment, installation script templates with domestic mirror optimization. Supports r...
⭐ 0· 79·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (SSH remote deployment, templates, batch ops) aligns with the included Python scripts, templates, and required binaries (python3, ssh, scp). The code and templates provide the expected features (inventory, reading ~/.ssh/config, remote exec, SFTP uploads/downloads, mirror setup).
Instruction Scope
The SKILL.md and scripts instruct the agent to read ~/.ssh/config and to save/load inventory from ~/.ssh-deploy/inventory.json. That is expected for an SSH deployer, but it means the skill will enumerate host entries and may reference private key file paths from your SSH config. The tool also supports password fields in inventory.json (with warnings) and pipes arbitrary templates to remote bash; both are functional for deployment but increase risk if misused.
Install Mechanism
No remote download/extract operations are present; the declared install step is a simple pip install paramiko which is proportionate. There is a metadata inconsistency: registry summary said 'No install spec / instruction-only', but SKILL.md includes an install entry for paramiko and the package includes multiple code files — the skill is not purely instruction-only.
Credentials
The skill requests no global credentials, which is appropriate. However it will read SSH configuration (including IdentityFile paths) and can (by design) store passwords in inventory.json (the code shows warnings but still supports plaintext passwords). Templates expect user-provided env vars for things like MYSQL_ROOT_PASSWORD; users must ensure secrets are handled safely. Overall requested env access is minimal, but local config and password storage are areas to be careful with.
Persistence & Privilege
The skill writes configuration/inventory under ~/.ssh-deploy (expected for such a tool) and reads ~/.ssh/config and known_hosts. It does NOT request 'always: true'. A notable default is non-strict host-key handling: the deployer uses paramiko.AutoAddPolicy() by default (auto-accept host keys) and only enables strict host key checking when the user passes --strict. This default favors convenience over security and should be changed for production.
Assessment
This skill appears to be what it says: a paramiko-based SSH deployment tool with templates. Before installing or running it: 1) Review the scripts (deploy.py, inventory.py, templates) and templates to ensure they won't run unexpected commands on your hosts. 2) Be aware it will read your ~/.ssh/config and may reference IdentityFile paths — only allow it if you trust the skill and the environment. 3) Do NOT store plaintext passwords in ~/.ssh-deploy/inventory.json; use SSH keys or an external vault. 4) For production, enable strict host key verification (use the --strict flag) because the default auto-accept behavior is insecure. 5) Note the metadata mismatch: the registry summary made it look instruction-only, but code files exist and SKILL.md instructs installing paramiko — treat it as code you should review. 6) Test on non-production/ephemeral servers first and inspect what templates (e.g., base_setup.sh, install_*.sh) will change before running them across many hosts.Like a lobster shell, security has layers — review code before you run it.
automationvk970ejtcy9k7ggxafygzczegw584a71ddeploymentvk970ejtcy9k7ggxafygzczegw584a71ddevopsvk970ejtcy9k7ggxafygzczegw584a71dlatestvk979f55trx8z0ntabt1jha15cs84ahz9server-managementvk970ejtcy9k7ggxafygzczegw584a71dsshvk970ejtcy9k7ggxafygzczegw584a71d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🚀 Clawdis
Binspython3, ssh, scp