Proxmox Backup Server Manager
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Proxmox Backup Server management, but it should be reviewed carefully because it handles high-privilege Proxmox/PBS secrets and makes risky default/privacy assurances around them.
Before installing, make sure you are comfortable granting this skill access to Proxmox/PBS backup credentials. Prefer a dedicated least-privilege backup API token, avoid root credentials, enable TLS verification where possible, review every SSH/shell command before execution, and treat any password or token pasted into chat as sensitive.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A leaked or intercepted token could give significant control over Proxmox backup operations and VM/container metadata, especially if a root token is used.
The intended config includes a high-privilege Proxmox token example, stores the token secret, and shows TLS verification disabled by default.
"token_id": "root@pam!backup", "token_secret": "xxx", "verify_ssl": false
Use a dedicated backup-only Proxmox user/token with only the listed backup privileges, enable TLS verification or certificate pinning, chmod credential files to 600, and rotate any secrets entered during setup.
Users may become less cautious about pasting root passwords or API tokens into chat, even though those secrets are powerful and may still be exposed depending on the runtime environment.
The skill asks users to disclose sensitive secrets in chat and gives a broad logging/memory assurance that the artifact itself cannot enforce.
Credentials (passwords, tokens) will pass through the chat. This is expected ... and are not stored in agent logs or memory.
Treat chat-entered secrets as sensitive, prefer short-lived or dedicated setup tokens, avoid root credentials where possible, and enter secrets directly on the target system when feasible.
Incorrect commands or parameters could disrupt storage mounts, backup configuration, or Proxmox/PBS hosts.
The skill can guide or perform privileged infrastructure changes; the behavior is disclosed and purpose-aligned, but it affects hosts, storage, and boot-time mounts.
Remote operations (PBS installation, NAS mounting, fstab editing) are performed by the agent via SSH or by the user following printed instructions.
Use the instruction-only mode unless you intentionally want the agent to execute commands, review each command before running it, and keep backups of existing fstab/storage configuration.
Installing an unpinned package can pull a newer or unexpected dependency version.
The dependency installation is user-directed and relevant to the skill, but it is unpinned and outside an install spec.
If `proxmoxer` is missing: `pip install proxmoxer`
Install dependencies in a controlled environment and consider pinning a trusted proxmoxer version.
