ClawHub

ssh-executor

v1.0.3

Execute commands on remote hosts over SSH using SSH aliases, ssh config, tmux sessions, and private keys. Use when the user asks to SSH into a host, inspect...

0· 112·0 current·0 all-time
by@rickkbarbosa

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for rickkbarbosa/ssh-executor.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ssh-executor" (rickkbarbosa/ssh-executor) from ClawHub.
Skill page: https://clawhub.ai/rickkbarbosa/ssh-executor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: ssh, bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ssh-executor

ClawHub CLI

Package manager switcher

npx clawhub@latest install ssh-executor
Security Scan
Capability signals
Requires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the actual behavior: the skill wraps ssh via a bash helper and uses python3 to format output and parse ssh config. Declared binaries (ssh, bash, python3) are required and appropriate; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md restrains when to inspect ~/.ssh/config and mandates confirmation for mutating commands. The bundled script can read ~/.ssh/config and uses `ssh -G` to resolve identityfile entries and returns resolved_identity_files and key_path (paths only). This can reveal filenames/paths of private keys and SSH metadata to whoever receives the script output; the script does not read private-key contents or transmit data off-host. Confirm you want the agent to read your SSH config and share resolved paths before invoking.
Install Mechanism
No install spec (instruction-only plus bundled script) — nothing is downloaded or written by an installer. The only included code is a local helper script; no external installs or url downloads are present.
Credentials
The skill requests no environment variables or external credentials. It does access local SSH config and may expose key file paths (but not key contents). This level of access is proportionate to remote-SSH functionality, but users should be aware that resolved identity file paths and host metadata will appear in outputs.
Persistence & Privilege
always is false and the skill is user-invocable; it does not attempt to persist, modify other skills, or change global agent settings. Autonomous model invocation remains enabled (the platform default) but is not combined with elevated privileges here.
Assessment
This skill appears to do exactly what it says: it wraps ssh for safe, key-based remote commands. Before installing, review the bundled scripts (scripts/ssh-run.sh) yourself and only allow the agent to run it when you trust the skill. Be aware it will read ~/.ssh/config (and return resolved metadata including identityfile paths and resolved host/user/port); it does not read private-key contents, nor does it exfiltrate data to external endpoints. Test on a non-production host first, avoid pasting passwords into chat, and require explicit confirmation via --confirm-dangerous before running any mutating commands.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OSLinux · macOS
Binsssh, bash, python3
latestvk970pkrh7ke2ar9emd45ednr5s84w6rw
112downloads
0stars
4versions
Updated 1w ago
v1.0.3
MIT-0
Linux, macOS
@rickkbarbosa
latest
Download

SSH Executor

Use this skill to run remote commands safely over SSH.

Quick start

  1. Gather the host alias, username, port, and key path from the user's instructions or local SSH config.
  2. Prefer SSH aliases from ~/.ssh/config instead of raw IPs when available.
  3. Default to read-only commands first.
  4. Require explicit user confirmation before destructive or state-changing commands.
  5. Use the bundled scripts/ssh-run.sh helper for execution.
  6. Return stdout, stderr, exit code, and resolved SSH metadata clearly.

Safety rules

  • Prefer key-based auth. Do not ask the user to paste passwords into chat unless they explicitly insist and understand the risk.
  • Do not reveal or copy private-key contents into chat, logs, or memory files.
  • Do not disable host-key checking silently.
  • Prefer the host's existing ssh config when possible.
  • Treat these as destructive unless the user clearly asked for them: rm, mv, chmod, chown, systemctl restart|stop|disable, reboot, shutdown, package installs/upgrades, docker compose down, schema changes, file writes, or anything using sudo.
  • For destructive work, confirm the exact command before running it, then pass --confirm-dangerous.
  • If a command can be split into inspect first and mutate later, do the inspect step first.

Workflow

1. Resolve target

Collect or infer:

  • host or SSH alias
  • user, if not already encoded in the alias
  • port, if non-default
  • key path, if needed
  • timeout
  • desired host-key policy
  • optional ssh config path

If a known SSH alias already exists, prefer it over a raw host/IP.

Only inspect ~/.ssh/config when the user already uses SSH aliases or asks you to resolve them.

To inspect available aliases from the default ssh config:

scripts/ssh-run.sh --list-aliases

To inspect aliases from a custom config file:

scripts/ssh-run.sh --list-aliases --config ~/.ssh/config

2. Decide risk level

  • Read-only: hostname, uname -a, uptime, df -h, journalctl -n 100, docker ps
  • Mutating: package management, service restarts, file edits, deletes, deploys

Read-only commands can usually run immediately. Mutating commands need explicit confirmation.

3. Run command

Use:

scripts/ssh-run.sh --host <host-or-alias> [--user <user>] [--port <port>] [--key <path>] [--timeout <seconds>] [--config <ssh-config>] [--host-key-checking accept-new|yes] -- '<command>'

If the command is mutating and the user explicitly approved it:

scripts/ssh-run.sh --host <host-or-alias> --confirm-dangerous -- '<command>'

Examples:

scripts/ssh-run.sh --host web-1 -- 'hostname && uptime'

scripts/ssh-run.sh --host 192.168.1.50 --user root --port 2222 --key ~/.ssh/id_ed25519 --timeout 15 --host-key-checking yes -- 'df -h && free -h'

scripts/ssh-run.sh --host prod-app --confirm-dangerous -- 'sudo systemctl restart myapp'

4. Report result

Summarize briefly:

  • whether the SSH connection succeeded
  • exit code
  • resolved host/user/port when useful
  • key findings from stdout/stderr
  • next safe step

Install and test

This skill lives under the workspace skills/ directory so OpenClaw can discover it in future sessions.

Suggested smoke tests for the bundled helper:

bash -n scripts/ssh-run.sh
scripts/ssh-run.sh --help
scripts/ssh-run.sh --list-aliases

Resources

  • scripts/ssh-run.sh: key-based SSH wrapper with structured JSON output, alias support, and dangerous-command confirmation
  • references/safety.md: extra guidance for safe remote execution

Comments

Loading comments...