ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Oz CLI Remote Node

v1.1.3

Execute commands or tasks on the Oz Build Node via CLI, with mode-based control and direct bash command support on the remote node.

0· 120·0 current·0 all-time
by@eladrave

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for eladrave/oz-cli-remote-node.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Oz CLI Remote Node" (eladrave/oz-cli-remote-node) from ClawHub.
Skill page: https://clawhub.ai/eladrave/oz-cli-remote-node
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install oz-cli-remote-node

ClawHub CLI

Package manager switcher

npx clawhub@latest install oz-cli-remote-node
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to act as a proxy to oz-cli on a remote node and the instructions consistently require and use the 'nodes' tool to run commands remotely. The package.json declares 'nodes' permission, which aligns with the stated purpose.
!
Instruction Scope
SKILL.md instructs the agent to: (a) check local sandbox indicators (/.dockerenv and /proc/1/cgroup) by reading local filesystem state, (b) persistently save the remote node name and selected profile ID into workspace files/memory, and (c) create oz_run.<id>.md files that include Run IDs, original prompts and the 'Open in Oz' URL. Reading local system files and persisting run data/URLs and full prompts can expose sensitive environment details or secrets. These actions go beyond simply proxying commands and are not represented as required config paths or env vars in the metadata.
Install Mechanism
This is an instruction-only skill with no install spec or code files; nothing is downloaded or written by an installer. That minimizes installation risk.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, it instructs creating persistent workspace files that will store run IDs, prompts, and URLs (which may contain tokens or sensitive info). Although not explicit credential requests, this persistent storage can lead to exfiltration risk if the workspace is shared or backed up.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges, but it instructs the agent to write and retain node/profile settings and run-tracking files in the workspace. Persistent storage of run metadata and user prompts increases exposure over time and should be considered when deciding whether to install.
What to consider before installing
This skill does what it says—it proxies oz-cli and arbitrary bash commands to a remote node via the 'nodes' tool—but it also asks the agent to read local sandbox indicators and to store run metadata, prompts, and 'Open in Oz' URLs in workspace files. Before installing, consider: 1) Only enable if you trust the remote node and whoever has access to it, because the skill allows running arbitrary commands there. 2) Expect persistent files (TOOLS.md, oz_run.<id>.md) containing prompts and URLs; these may contain sensitive data or tokens—inspect and clean these files regularly or avoid storing them. 3) The skill reads local files like /.dockerenv and /proc/1/cgroup; if you do not want the agent checking local runtime state, do not install. 4) Limit who can invoke the skill, and avoid sending secrets or credentials in prompts. If you want reassurance, ask the author to remove local filesystem checks or to make persistent storage explicitly configurable and documented.

Like a lobster shell, security has layers — review code before you run it.

latestvk979t5d099mv6vqy4t8x4j4xtn83spxg
120downloads
0stars
5versions
Updated 1mo ago
v1.1.3
MIT-0
@eladrave
latest
Download

oz

Description

This skill implements the /oz slash command and acts as a proxy to the oz-cli on a remote node. Use this skill ONLY when the user activates Oz mode with /oz or explicitly asks to use Oz/Warp.

Onboarding & Setup (First-Time Use)

When a user first installs or attempts to use this skill, guide them through the setup process:

  1. Explain the Purpose: Let the user know this skill allows them to run the oz CLI on a remote node via the Gateway, acting as a proxy.
  2. Determine the Remote Node: Ask the user for the exact name of the remote node where oz-cli is installed (e.g., "Build Node"). Save this node name into your workspace's TOOLS.md or a local memory file so you remember it for all future uses.
  3. Verify Tool Permissions: Verify that you (the agent) have the nodes tool enabled. If not, instruct the user to grant it (e.g., openclaw config set agents.list[<your-index>].tools.allow '["nodes"]') and restart the gateway.
  4. Sandbox Detection: Check if you are currently running in a Docker sandbox (e.g., by checking if /.dockerenv exists or using cat /proc/1/cgroup). If you are in a sandbox, inform the user that local oz execution is impossible without a custom developer image.
  5. Select Agent Profile: Once the remote node is known, execute oz agent profile list --output-format json on that node using the nodes tool.
    • Note: Ignore standard error warnings (like libEGL warning) and parse the JSON array (e.g., [{"id":"Unsynced","name":"Default"},{"id":"...","name":"Claude"}]).
    • Show the user the list of profile names and ask which one they want to use.
    • Save the selected profile's id (not the name) to your memory alongside the node name.

State Memory (Oz Mode)

  • If the user types /oz, you MUST reply with a clear confirmation: "✅ Oz mode is now ACTIVE. All messages will be sent to the Oz CLI on the remote node. Type /oz off to exit, or use ! <command> to run a direct bash command."
  • If the user types /oz off, you MUST reply: "❌ Oz mode is now OFF. Returning to normal assistant behavior."
  • While in Oz mode, treat EVERY subsequent message from the user as a prompt for the oz CLI on the remote node, UNLESS the message starts with !.

Execution on Remote Node

You must use the nodes tool with action="run" and node="<Saved_Node_Name>" for all execution here. Do NOT use local exec.

  1. Direct Bash Commands (!):

    • If the user message starts with ! (e.g. ! ls -la or ! mkdir test):
    • Strip the ! and run it as a direct shell command on the remote node using the nodes tool.
    • Command array format: ["bash", "-c", "<command>"]
    • Use cwd: ~/git (or the last known working directory if changed).
    • Report the output directly.

  2. Oz CLI Prompts & Run Tracking:

    • CRITICAL: ALWAYS use oz agent run. NEVER use oz agent run-cloud.
    • Run the oz CLI on the remote node using the nodes tool.
    • Command array format MUST include the saved profile id: ["oz", "agent", "run", "--cwd", "~/git", "--profile", "<Saved_Profile_ID>", "--prompt", "<user_prompt>"]
    • Run Tracking: When you start an oz agent run, you MUST keep track of it:
      1. Monitor the initial output to capture the unique Run ID and the "Open in Oz URL".
      2. Create a tracking file in your workspace named oz_run.<id>.md.
      3. Include in this file: Date, Time, Run ID, the Original Prompt, the Open in Oz URL, and any other relevant metadata.
      4. Keep track of the oz commands that are currently running.
    • Completion: Once the oz agent run command is done, update the tracking file and send a response back to the user formatted EXACTLY like this: 
      oz agent for run ID: <id> done.

<the response from the oz agent>

Supported oz agent run Flags

You can append these flags to the oz agent run command if explicitly requested by the user:

  • --cwd <PATH> (-C): run from a different directory.
  • --name <NAME> (-n): label the run for grouping and traceability.
  • --share: share the session with teammates.
  • --profile <ID>: use a specific agent profile (defaults to the saved ID if not specified).
  • --model <MODEL_ID>: override the default model.
  • --skill <SPEC>: use a skill as the base prompt.
  • --mcp <SPEC>: start one or more MCP servers (UUID, JSON path, or inline JSON). Can be repeated.
  • --environment <ID> (-e): run in a specific cloud environment.
  • --file <PATH> (-f): load run configuration from a YAML or JSON file.

Comments

Loading comments...