Proxmox Management

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it says—manage Proxmox through an API token—but it has real VM power and snapshot authority, so install it only with least-privilege Proxmox permissions.

This skill is coherent and not showing malicious behavior in the provided artifacts. Before installing, create a dedicated Proxmox API token, avoid root or broad cluster-wide permissions unless truly needed, keep destructive-action approvals enabled, and double-check VM/container targets before approving power or snapshot operations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or over-permitted action could stop services, reboot workloads, roll back data, or remove a recovery snapshot.

Why it was flagged

The skill exposes commands that can change VM/container power state and roll back or delete snapshots. These actions are consistent with the Proxmox management purpose and are marked for approval, but they are operationally high-impact.

Skill content

proxmox_power_action ... Approval: true ... action: "start", "stop", "reboot", or "shutdown" ... proxmox_rollback_snapshot ... Destructive ... proxmox_delete_snapshot ... Destructive

Recommendation

Keep approval prompts enabled, verify node names and VM/container IDs before approving, and avoid allowing the agent to act on ambiguous targets.

What this means

If the token is too broad, the skill may be able to view or modify many VMs and containers beyond the intended target.

Why it was flagged

The setup guidance uses a Proxmox API token and may grant whole-cluster permissions. This is expected for a Proxmox management integration, but it is privileged infrastructure access.

Skill content

Path: Enter / (to allow access to the whole cluster) or a specific VM path ... Role: PVEAuditor ... PVEDatastoreAdmin / PVEVMAdmin ... Propagate: Check this box

Recommendation

Create a dedicated Proxmox service user/token, grant only the minimum role needed, and prefer VM- or path-specific permissions instead of cluster-wide '/' access when possible.

What this means

Future package versions could change behavior or introduce dependency risk if installed without review.

Why it was flagged

The skill depends on external Python packages with broad minimum-version constraints. This is normal for this kind of API integration, but exact dependency versions are not pinned.

Skill content

proxmoxer>=2.0.0
requests>=2.0.0

Recommendation

Install dependencies from trusted package indexes and consider pinning known-good versions in your OpenClaw environment.