Proxmox Full

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the token belongs to a highly privileged Proxmox user, the agent could control large parts of the cluster, including starting, stopping, creating, cloning, or modifying workloads.

Why it was flagged

The setup explicitly tells users to disable Proxmox token privilege separation, which can make the token inherit the full permissions of the owning account instead of being narrowly scoped.

Skill content

**Create API token:** Datacenter → Permissions → API Tokens → Add (uncheck Privilege Separation)

Recommendation

Use a dedicated Proxmox user or token with the minimum required roles, keep privilege separation enabled where possible, and restrict permissions to specific nodes, storage, pools, or VM IDs.

What this means

A mistaken or ambiguous request could stop production VMs or remove recovery points, causing outages or making rollback harder.

Why it was flagged

The skill documents direct high-impact API operations, including immediate VM stops and snapshot deletion, with no visible confirmation requirement, safety check, or scoped workflow.

Skill content

# Stop (immediate)
curl -sk -X POST -H "$AUTH" "$PVE_URL/api2/json/nodes/{node}/qemu/{vmid}/status/stop"
...
# Delete snapshot
curl -sk -X DELETE -H "$AUTH" "$PVE_URL/api2/json/nodes/{node}/qemu/{vmid}/snapshot/{snapname}"

Recommendation

Require explicit user confirmation before destructive or availability-impacting actions, verify node and VM IDs, and prefer safer workflows such as listing targets before mutating them.

What this means

On an untrusted network or with a spoofed endpoint, the privileged Proxmox token could be exposed to an attacker.

Why it was flagged

The examples send the Proxmox API token in an Authorization header while using curl's -k option, which disables TLS certificate verification.

Skill content

AUTH="Authorization: PVEAPIToken=$PVE_TOKEN"
...
curl -sk -H "$AUTH" "$PVE_URL/api2/json/cluster/status" | jq

Recommendation

Avoid -k when possible; configure trusted Proxmox certificates or a pinned CA, and only connect to verified PVE_URL endpoints.

What this means

If copied directly, a new container could be created with an easily guessed password.

Why it was flagged

The LXC creation example includes a weak sample root password and starts the container immediately.

Skill content

-d "password=changeme123" \
  -d "start=1"

Recommendation

Replace sample passwords with unique secrets, prefer SSH keys, and avoid automatically starting newly created containers until access controls are verified.