Ambari API
v0.1.0Manage Hadoop clusters via Ambari REST API. Supports service start/stop/restart, component operations, and cluster monitoring. Use when managing Ambari clust...
⭐ 0· 17·0 current·0 all-time
by@lukaizj
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: the Python client and CLI perform Ambari cluster, service, host, and component operations via Ambari REST endpoints. Required artifacts (username/password in config) are coherent with the stated purpose.
Instruction Scope
SKILL.md and the CLI only instruct the agent to install dependencies and call the included script against Ambari endpoints. They require storing cluster URL, username, and password in a local config file (~/.claude/skills/ambari-api/config.json). The README/docs and code also indicate SSL verification is disabled by default — this expands the attack surface (man-in-the-middle) but is explicitly documented.
Install Mechanism
No package-install install spec in the registry; SKILL.md tells users to pip install the local requirements.txt (requests, urllib3). Dependencies are typical for an HTTP client; nothing is downloaded from untrusted URLs by the skill itself.
Credentials
The skill does not request environment variables or external credentials, instead it asks users to supply Ambari username/password which are persisted to a local config file in plaintext. That is functionally proportional but insecure in practice. No unrelated credentials or services are requested.
Persistence & Privilege
The skill writes only to its own config path (~/.claude/skills/ambari-api/config.json) and does not request always:true or other elevated agent privileges. It does network calls to Ambari hosts as expected for its purpose.
Assessment
This skill appears to be a legitimate Ambari REST API client, but there are two practical security issues you should address before using it in production: (1) Credentials are stored in plaintext under ~/.claude/skills/ambari-api/config.json — restrict file permissions (e.g., chmod 600), consider using a secret manager instead of saving passwords, and remove stored credentials when no longer needed. (2) The client disables SSL certificate verification by default (verify_ssl defaults to False and the code passes verify=False), which makes HTTPS vulnerable to MITM; either enable certificate verification in the code (change default to True and/or add a CLI flag) or ensure you only talk to trusted Ambari endpoints via a secure network and proper CA bundles. Also: review the script before running, run pip install in a controlled environment, and ensure the config file location is acceptable for your security posture.Like a lobster shell, security has layers — review code before you run it.
latest
Ambari API Management
Manage Hadoop clusters through Ambari REST API (supports Ambari 2.7.5 and 3.0.0).
Quick Start
# Install dependencies
pip install -r ~/.claude/skills/ambari-api/scripts/requirements.txt
# Add cluster configuration
python ~/.claude/skills/ambari-api/scripts/ambari_api.py config --add \
--name prod \
--url https://ambari.example.com:8080 \
--username admin \
--password admin
# List clusters
python ~/.claude/skills/ambari-api/scripts/ambari_api.py clusters --config prod
Core Operations
Service Management
# List services in a cluster
python ambari_api.py services --config prod --cluster mycluster
# Start/Stop/Restart a service
python ambari_api.py services --config prod --cluster mycluster --service HDFS --action START
python ambari_api.py services --config prod --cluster mycluster --service YARN --action STOP
python ambari_api.py services --config prod --cluster mycluster --service HIVE --action RESTART
Component Management (Host-Specific)
# List components on a host
python ambari_api.py components --config prod --cluster mycluster --host node01
# Start/Stop specific component on a host
python ambari_api.py components --config prod --cluster mycluster --host node01 \
--service HDFS --component DATANODE --action START
python ambari_api.py components --config prod --cluster mycluster --host node01 \
--service HDFS --component DATANODE --action STOP
Host and Status Operations
# List all hosts
python ambari_api.py hosts --config prod --cluster mycluster
# Get service status
python ambari_api.py status --config prod --cluster mycluster --service HDFS
Configuration Management
# List configured clusters
python ambari_api.py config --list
# Remove a cluster configuration
python ambari_api.py config --remove --name prod
API Reference
| Command | Description |
|---|---|
config --add | Add cluster config with URL, username, password |
config --list | List all saved configurations |
clusters | List clusters in Ambari |
services | List services or perform START/STOP/RESTART |
hosts | List hosts in a cluster |
components | List or manage components on specific host |
status | Get detailed service status |
References
- API Endpoints - Complete API endpoint reference
- Examples - Common usage patterns
- Troubleshooting - Common issues and solutions
Comments
Loading comments...