MCP SSH Manager
v0.1.1This skill should be used when the user asks to "run ssh command", "execute on server", "ssh session", "upload file", "download file", "ssh tunnel", "check server status", "monitor server", "deploy files", "backup server", or needs remote server management. This skill emphasizes session reuse, workdir organization, and content persistence for sustainable operations.
⭐ 0· 1.7k·3 current·4 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description match SSH management. However, the runtime instructions reference custom CLI tools (ssh_execute, ssh_session_start, ssh_upload, etc.) and standard operations (ssh, scp, tar, git, pm2) without declaring any required binaries or credentials. The package contains helper scripts for creating a workdir and logging, but does not provide or install the external 'mcp ssh-manager' server or explain how the ssh_* tools are made available. That mismatch (claims to provide/manage servers but no install, no required binaries, no primary credential) is incoherent.
Instruction Scope
SKILL.md instructs the agent to run arbitrary remote commands, create persistent sessions, transfer files, and save command outputs and host snapshots under ~/.ssh-workdir. Those behaviors are expected for an SSH manager, but they also permit capturing and storing arbitrary remote output (which may include secrets), and running any command on remote hosts. The instructions are broad and rely on external tooling and existing SSH auth; they also implicitly assume access to the user's SSH agent/keys.
Install Mechanism
There is no install spec (instruction-only), which minimizes arbitrary remote downloads. The repo includes three small scripts (create-workdir.sh, log-command.sh, save-status.sh) that manage local logs/workdirs. Not having an install step reduces installer risk, but it increases ambiguity about where the referenced ssh_* tools come from.
Credentials
The skill declares no required environment variables or credentials, yet its functionality implicitly requires SSH authentication (private keys, agent, or credentials) and uses standard system tools. The lack of explicit credential requirements is surprising: the skill will depend on the user's existing SSH keys/config and will store outputs locally. This implicit access should be made explicit so users know what will be used or exposed.
Persistence & Privilege
The skill persists command logs, outputs, and status snapshots under ~/.ssh-workdir. Persisting remote outputs locally is reasonable for auditing, but it increases the risk of storing sensitive data (passwords, tokens, config) without explicit safeguards. The skill does not set always:true, but also does not disable model invocation — meaning the agent could invoke these behaviors when the skill is eligible. Combined with the ability to run arbitrary remote commands, that is a noteworthy privilege.
What to consider before installing
Before installing, verify the skill's source and how the ssh_* tools are provided (is there an external 'mcp-ssh-manager' service you must run?). Review the three included scripts to ensure they don't exfiltrate data or run unexpected network calls. Be aware the skill will write command outputs and host snapshots to ~/.ssh-workdir — inspect those outputs regularly and avoid storing sensitive data there. Confirm how SSH authentication will occur (SSH keys/agent), and consider restricting model-triggered use (disableModelInvocation) or running the skill in a sandbox until you trust it. If you can't verify the upstream project/homepage or the origin of the ssh_* helpers, treat this package as untrusted.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🖥️ Clawdis
latestmcpserver-managementsshssh-manager
MCP SSH Manager Skill
Original MCP Server: mcp-ssh-manager by @bvisible
This skill provides documentation, workflows, and best practices for using the MCP ssh-manager server.
Manage remote SSH servers using MCP ssh-manager tools. Emphasizes session reuse, workdir organization, and content persistence for sustainable operations.
Quick Reference
Connection Management
| Task | Tool | Example |
|---|---|---|
| List servers | ssh_list_servers | ssh_list_servers |
| Execute command | ssh_execute | ssh_execute server="rock5t" command="df -h" |
| Execute with sudo | ssh_execute_sudo | ssh_execute_sudo server="rock5t" command="apt update" |
| Check status | ssh_connection_status | ssh_connection_status action="status" |
Session Management
| Task | Tool | Example |
|---|---|---|
| Start session | ssh_session_start | ssh_session_start server="rock5t" name="deploy" |
| Send command | ssh_session_send | ssh_session_send session="xxx" command="cd /var" |
| List sessions | ssh_session_list | ssh_session_list |
| Close session | ssh_session_close | ssh_session_close session="xxx" |
File Operations
| Task | Tool | Example |
|---|---|---|
| Upload file | ssh_upload | ssh_upload server="rock5t" localPath="." remotePath="/tmp" |
| Download file | ssh_download | ssh_download server="rock5t" remotePath="/var/log/syslog" localPath="." |
| Sync files | ssh_sync | ssh_sync server="rock5t" source="local:./dist" destination="remote:/var/www" |
Monitoring
| Task | Tool | Example |
|---|---|---|
| Tail log | ssh_tail | ssh_tail server="rock5t" file="/var/log/syslog" lines=20 |
| Health check | ssh_health_check | ssh_health_check server="rock5t" |
| Monitor resources | ssh_monitor | ssh_monitor server="rock5t" type="overview" |
| Service status | ssh_service_status | ssh_service_status server="rock5t" services="nginx,docker" |
Tunneling
| Task | Tool | Example |
|---|---|---|
| Create tunnel | ssh_tunnel_create | ssh_tunnel_create server="rock5t" type="local" localPort=8080 remoteHost="localhost" remotePort=80 |
| List tunnels | ssh_tunnel_list | ssh_tunnel_list |
| Close tunnel | ssh_tunnel_close | ssh_tunnel_close tunnelId="xxx" |
Backup
| Task | Tool | Example |
|---|---|---|
| Create backup | ssh_backup_create | ssh_backup_create server="rock5t" type="files" name="data" |
| List backups | ssh_backup_list | ssh_backup_list server="rock5t" |
| Restore backup | ssh_backup_restore | ssh_backup_restore server="rock5t" backupId="xxx" |
| Schedule backup | ssh_backup_schedule | ssh_backup_schedule server="rock5t" schedule="0 2 * * *" type="files" name="daily" |
Usage Examples
Example 1: Single Command
# Simple command - no session needed
ssh_execute server="rock5t" command="df -h"
Example 2: Multi-step Deployment with Session
# Check existing sessions first
ssh_session_list
# Start a persistent session
ssh_session_start server="rock5t" name="deploy"
# Get session ID from previous response
ssh_session_send session="xxx" command="cd /home/imax/project"
ssh_session_send session="xxx" command="git pull origin main"
ssh_session_send session="xxx" command="npm install"
ssh_session_send session="xxx" command="npm run build"
ssh_session_send session="xxx" command="pm2 restart all"
# Close when done
ssh_session_close session="xxx"
Example 3: System Health Check
# Check overall health
ssh_health_check server="rock5t"
# Monitor specific resources
ssh_monitor server="rock5t" type="cpu" interval=5 duration=30
# Check specific services
ssh_service_status server="rock5t" services="nginx,docker,postgres"
Example 4: File Deployment
# Upload deployment package
ssh_upload server="rock5t" localPath="./dist/app.tar.gz" remotePath="/tmp/app.tar.gz"
# Extract and restart
ssh_execute server="rock5t" command="cd /tmp && tar -xzf app.tar.gz && cp -r app/* /var/www/ && pm2 restart app"
Example 5: Log Monitoring
# Tail real-time logs
ssh_tail server="rock5t" file="/var/log/nginx/access.log" lines=50 follow=true
# Filter with grep
ssh_tail server="rock5t" file="/var/log/syslog" grep="error" lines=100
Example 6: Create SSH Tunnel
# Local port forward (access remote service locally)
ssh_tunnel_create server="rock5t" type="local" localPort=5432 remoteHost="localhost" remotePort=5432
# Now connect to local:5432 to access remote database
Workdir Management
Store SSH operation results in ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/ for reuse and comparison.
Structure
~/.ssh-workdir/
└── {hostname}/
└── {YYYY-MM-DD}-{topic}/
├── commands.md # All executed commands
├── output/ # Command outputs
│ ├── df-h.txt
│ ├── cpu.txt
│ └── memory.txt
├── status.json # Host status snapshot
└── summary.md # Findings and notes
Create Workdir
# Create new workdir
mkdir -p ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/output
# Create commands log
touch ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/commands.md
Log Commands
# Add command to log
echo "## $(date)" >> ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/commands.md
echo 'df -h' >> ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/commands.md
Save Output
# Execute and save
ssh_execute server="{hostname}" command="df -h" > ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/output/df-h.txt
Write Summary
# Write findings
echo '## System Check Findings' >> ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/summary.md
echo '- Disk usage: 75% on /dev/sda1' >> ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/summary.md
echo '- Memory: 4GB/16GB used' >> ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/summary.md
Reuse Previous Context
# Check if recent work exists
ls ~/.ssh-workdir/{hostname}/
# Read previous summary
cat ~/.ssh-workdir/{hostname}/{previous-date}-{topic}/summary.md
# Compare outputs
diff ~/.ssh-workdir/{hostname}/{yesterday}-{topic}/output/df-h.txt \
~/.ssh-workdir/{hostname}/{today}-{topic}/output/df-h.txt
Session Management Guidelines
When to Use Sessions
Use session for:
- Multi-step deployments
- Tasks requiring state (cd, environment)
- Long-running workflows (more than 3 commands)
- Tasks where command order matters
Don't use session for:
- Single quick commands (
df -h,pwd) - Unrelated commands that don't need state
- Read-only monitoring tasks
Session Lifecycle
# 1. Check existing sessions first
ssh_session_list
# 2. Reuse existing session if available and still active
ssh_session_send session="existing-id" command="..."
# 3. Start new session only if necessary
ssh_session_start server="{hostname}" name="{task-name}"
# 4. ALWAYS close when done
ssh_session_close session="{session-id}"
Timeout Considerations
- SSH server may close idle sessions (typically 3-5 minutes by default)
- Configure
ClientAliveIntervalon server for longer keepalive - For long-running tasks, consider periodic lightweight commands to keepalive
- If session becomes unresponsive, create a new one
Best Practices
Before SSH Operations
-
Check existing sessions
ssh_session_list -
Check recent workdir
ls ~/.ssh-workdir/{hostname}/ -
Create new workdir if starting new task
mkdir -p ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/output
During SSH Operations
-
Use appropriate tool for the task
- Single command:
ssh_execute - Multi-step:
ssh_session_start→ssh_session_send→ssh_session_close - File transfer:
ssh_upload/download/sync - Monitoring:
ssh_monitor,ssh_tail,ssh_health_check
- Single command:
-
Log commands to workdir
echo "command" >> ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/commands.md -
Save important outputs
ssh_execute server="{hostname}" command="df -h" > ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/output/df-h.txt
After SSH Operations
-
Close sessions
ssh_session_close session="{session-id}" -
Write summary
echo '## Findings' >> ~/.ssh-workdir/{hostname}/{YYYY-MM-DD}-{topic}/summary.md -
Clean up
- Close tunnels:
ssh_tunnel_close - Verify all sessions closed:
ssh_session_list
- Close tunnels:
Tips
- Use
ssh_session_listbefore starting new tasks to reuse existing sessions - Create workdir for each task to maintain organized history
- Write summaries to quickly recall previous work
- Use
ssh_connection_status action="status"to check connection health - For server comparison, store outputs with consistent naming across hosts
- Close sessions when done to free resources
- Configure server-side
ClientAliveIntervalfor longer session timeouts if needed
Additional Resources
Reference Files
references/sessions.md- Session management deep divereferences/workspace.md- Workdir structure and usagereferences/comparison.md- How to compare historical data
Example Files
examples/system-check.md- Complete system health check workflowexamples/deployment.md- Multi-step deployment exampleexamples/troubleshooting.md- Problem diagnosis workflow
Scripts
scripts/create-workdir.sh- Create new workdir structurescripts/log-command.sh- Log command to workdirscripts/save-status.sh- Capture and save host status
Comments
Loading comments...