ssh-agentd-control
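Manage and use the local ssh-agentd (resident under systemd + API calls + connectivity verification). Use when the user mentions ssh-agentd, persistent SSH sessions, /run /upload /tail_logs, start on boot, or troubleshooting of session state/metrics.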
MIT-0 · Free to use, modify, and redistribute. No attribution required.
by offlinecat@offlinecat-dev
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the provided instructions and script: systemctl commands, local API calls, and connectivity checks. Minor oddity: SKILL.md references hard-coded user-specific paths (/home/krex/...) which makes the skill environment-specific and may not work on other machines or leak path assumptions.
Instruction Scope
Instructions tell the agent to run systemctl, inspect sockets, and call the local API (including running remote commands through the agent). All of these are coherent with managing ssh-agentd. Note: the skill suggests running privileged commands (sudo) and will invoke operations that can execute arbitrary commands on hosts via the agent's /run endpoint — expected for this tool but powerful, so exercise caution.
Install Mechanism
No install spec (instruction-only) and only a small helper script are included, so nothing is downloaded or written to disk at install time beyond the provided files.
Credentials
Registry metadata lists no required env vars, but the script and examples use SSH_AGENTD_TOKEN and optionally SSH_AGENTD_URL. This is reasonable (token is optional if API auth is disabled), but the skill should document these env vars in its manifest. The script intentionally unsets proxy env vars/uses --noproxy to reach localhost; while sensible to avoid proxy interception, this behavior can bypass network monitoring in some environments and is worth noting.
Persistence & Privilege
The skill does not request always:true or persistent privileges. It instructs administrators to run systemctl (sudo) for enabling/restarting the service — appropriate for managing a systemd service. The skill does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: help manage a local ssh-agentd service and call its HTTP API. Before installing or using it: (1) verify the hard-coded paths (e.g., /home/krex/...) and update them to match your environment; (2) review the systemd unit and hosts.yaml on the target machine so you trust what the agent can do; (3) treat SSH_AGENTD_TOKEN like any secret — do not store it in files checked into repos and prefer short-lived tokens with minimal scope; (4) be aware the script unsets proxy variables/uses --noproxy '*' (this is to reach localhost but effectively bypasses proxies/monitoring); (5) remember many commands require sudo and the agent can trigger remote command execution via /run, so limit who can invoke the skill and audit usage. If you need higher assurance, request the publisher declare SSH_AGENTD_TOKEN/SSH_AGENTD_URL as optional env vars in metadata and replace hard-coded paths with configurable defaults.
Like a lobster shell, security has layers — review code before you run it.
Current version: v0.1.0
SKILL.md
ssh-agentd control skill
Applicable environment (current):
- Binary: /home/krex/.openclaw/workspace-hermes/ssh-agentd/bin/ssh-agentd
- Config: /home/krex/.openclaw/ssh-agentd/hosts.yaml
- systemd: ssh-agentd.service
- Default listen address: 127.0.0.1:18081
Quick checks
sudo systemctl is-enabled ssh-agentd.service
sudo systemctl is-active ssh-agentd.service
ss -ltnp | grep 18081
sudo systemctl status ssh-agentd.service --no-pager -l | sed -n '1,80p'
Start/stop and start on boot
sudo systemctl daemon-reload
sudo systemctl enable --now ssh-agentd.service
sudo systemctl restart ssh-agentd.service
sudo systemctl stop ssh-agentd.service
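API call essentials
- Bearer Token authentication is used by default (if enabled in the configuration)
- The local machine often has proxy variables set; calls to the local API must bypass the proxy
Recommended: use the script for all calls: scripts/api.sh
Example: run a remote command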
SSH_AGENTD_TOKEN='<token>' \
scripts/api.sh POST /run '{"host":"nas","cmd":"hostname && whoami","timeoutSec":10}'
Example: view sessions and metrics
SSH_AGENTD_TOKEN='<token>' scripts/api.sh GET /sessions
SSH_AGENTD_TOKEN='<token>' scripts/api.sh GET /metrics
SSH_AGENTD_TOKEN='<token>' scripts/api.sh GET /health
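One way to apply the two API-call points above (bypass the proxy, send the bearer token) in a wrapper. This is an added example and not the skill's own scripts/api.sh, whose contents this page does not show. The function names, the CURL override and the 15-second client timeout are assumptions; the loopback check goes beyond the page and keeps a mis-set SSH_AGENTD_URL from carrying the token off the machine.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, not the skill's scripts/api.sh.

# Succeed only for http(s) URLs whose authority is exactly a loopback host
# with an optional numeric port, so the token cannot be sent off-box.
is_loopback_url() {
  case $1 in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  hostport=${1#*://}
  hostport=${hostport%%/*}
  case $hostport in
    127.0.0.1|localhost|'[::1]') return 0 ;;
    127.0.0.1:*|localhost:*|'[::1]':*)
      port=${hostport##*:}
      case $port in
        ''|*[!0-9]*) return 1 ;;   # rejects "127.0.0.1:x@other-host" and similar
        *) return 0 ;;
      esac ;;
    *) return 1 ;;
  esac
}

# api_call METHOD ENDPOINT [JSON_BODY]
api_call() {
  method=$1 endpoint=$2 body=${3-}
  base=${SSH_AGENTD_URL:-http://127.0.0.1:18081}   # default listen address from the page
  if ! is_loopback_url "$base"; then
    echo "refusing to send token to non-loopback URL: $base" >&2
    return 2
  fi
  # --noproxy '*' keeps the request off any configured proxy (the 502 case).
  set -- --silent --show-error --noproxy '*' --max-time 15 -X "$method"
  if [ -n "${SSH_AGENTD_TOKEN-}" ]; then
    set -- "$@" -H "Authorization: Bearer $SSH_AGENTD_TOKEN"
  fi
  if [ -n "$body" ]; then
    set -- "$@" -H 'Content-Type: application/json' --data "$body"
  fi
  # CURL is a hypothetical override used for dry runs and tests.
  "${CURL:-curl}" "$@" "${base%/}$endpoint"
}

# When run as a script: ./wrapper.sh GET /health
if [ "$#" -ge 2 ]; then api_call "$@"; fi
```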
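Common failures
1) Returns 401 unauthorized
- Check the apiAuth.enabled/token configuration
- Confirm the request header Authorization: Bearer <token>
2) Calling the local API returns 502
- Cause: the request was hijacked by the system proxy
- Fix: use --noproxy '*' or temporarily unset the proxy variables (already built into the script)
3) run fails with a host key/known_hosts message
- Cause: v1 has HostKey verification enabled
- Fix: add the target host's key to known_hosts
Security constraints
- Do not write real tokens/passwords into the skill files.
- Do not put hosts.yaml in the repository.
- After changing the service configuration, you must restart and verify status + /health + /sessions.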
