Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ssh Batch Manager
v2.1.9Batch SSH key management. Distribute/remove SSH keys to/from multiple servers with intelligent connectivity pre-check and source tracking.
⭐ 1· 417·3 current·3 all-time
byTK@stj001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name, description, and required binaries (ssh, ssh-copy-id, sshpass) and the cryptography dependency align with a tool that distributes SSH keys and stores encrypted passwords. Included scripts (add-server.py, delete-server.py, enable/disable commands) are consistent with the stated features.
Instruction Scope
SKILL.md and the code instruct the agent to manage ~/.openclaw/credentials/ssh-batch.json and to auto-start a Web UI. The package includes an openclaw-integration.py that runs enable/disable commands programmatically; this creates a plausible path for non-interactive invocation. The serve-ui.py uses socketserver.TCPServer(('', PORT)) which binds to all network interfaces (0.0.0.0) by default, exposing the UI beyond localhost. The documentation's 'MUST obtain explicit user confirmation' safety rule is good, but the codebase contains programmatic entry points (openclaw-integration.py, systemd service) that could be triggered without that confirmation if not enforced in the main CLI logic.
Install Mechanism
There is no registry install spec, but SKILL.md lists pip/apt/script actions (pip install cryptography, apt install sshpass, run post-install.sh). All artifacts are bundled in the skill (no remote downloads). post-install.sh writes a systemd unit under /etc/systemd/system and uses sudo, which is expected for auto-start but is a privileged action that will modify system services.
Credentials
The skill does not request unrelated cloud credentials or external API keys. It legitimately needs access to local SSH keys, the user's ~/.openclaw credentials directory, and to store an encryption key (ssh-batch.key). Those privileges are proportionate to its functionality, but they are sensitive and should be audited.
Persistence & Privilege
post-install.sh configures and enables a systemd service that auto-starts the Web UI. Auto-starting a UI/service that can manage SSH access increases persistence/privilege. Combined with the service binding to all interfaces and the openclaw-integration programmatic control, this raises the risk that operations could be triggered without the explicit interactive confirmation emphasized in SKILL.md.
What to consider before installing
Before installing or enabling this skill, review and harden these points:
1) Confirmation enforcement: Inspect the main entry (ssh-batch-manager.py) to confirm it enforces an explicit interactive confirmation step for enable operations even when invoked programmatically (e.g., via openclaw-integration.py). If confirmation is skipped for non-interactive runs, do not install.
2) Web UI exposure: serve-ui.py binds to all interfaces by default (socketserver.TCPServer(('', PORT))). Change it to bind to 127.0.0.1 or add firewall rules so the UI is not accessible from the network unless you explicitly intend that.
3) Systemd auto-start: post-install.sh creates and enables a systemd unit under /etc/systemd/system. Run this script manually and review the generated unit before using sudo to install it. If you prefer, do not enable auto-start and run the UI manually in a controlled environment.
4) Programmatic triggers: If you use an agent or automation that can call openclaw-integration.py or other scripts, restrict or remove that entry point unless you have strong safeguards ensuring human approval is required.
5) Secrets storage and key management: Verify how the Fernet key (ssh-batch.key) is generated, stored, and backed-up. Treat that key as sensitive — if an attacker obtains it plus the config file, encrypted passwords can be decrypted. Consider using a secure key store rather than a plain file.
6) Network and privilege audit: Confirm the service runs as an unprivileged user and that systemd unit security settings are appropriate. The unit sets NoNewPrivileges and PrivateTmp, but it does not restrict network access or capabilities; consider adding additional systemd sandboxing (e.g., ProtectSystem, RestrictAddressFamilies) if needed.
7) Test in isolation: Try the tool in an isolated test environment (no production servers, localhost-only UI) to confirm behavior and confirmation enforcement before deploying on machines that manage real servers.
If you want, I can: (a) point to the exact lines in the main script where confirmation and network binding occur, (b) suggest minimal code edits to bind the UI to localhost and to enforce confirmation in non-interactive runs, or (c) provide a checklist to run the post-install script safely.Like a lobster shell, security has layers — review code before you run it.
all-files-verifiedvk970ge2hvpr52f306mcdparqk5826t8qauditedvk970ge2hvpr52f306mcdparqk5826t8qauto-startvk979mybem44n3z1tx6c7esrpd1827tj3automationvk970ge2hvpr52f306mcdparqk5826t8qbatchvk970ge2hvpr52f306mcdparqk5826t8qbatch-operationsvk979mybem44n3z1tx6c7esrpd1827tj3encryptedvk970ge2hvpr52f306mcdparqk5826t8qenglish-onlyvk970ge2hvpr52f306mcdparqk5826t8qlatestvk9730z4vhc2mbaj9830zkedmhd828q96no-shell-injectionvk970ge2hvpr52f306mcdparqk5826t8qpython-jsonvk97carpnampejbn2pdfqbpfxn18275kksecurevk970ge2hvpr52f306mcdparqk5826t8qsecurityvk970ge2hvpr52f306mcdparqk5826t8qshlex-quotevk97carpnampejbn2pdfqbpfxn18275kksshvk970ge2hvpr52f306mcdparqk5826t8qweb-uivk979mybem44n3z1tx6c7esrpd1827tj3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔑 Clawdis
Binsssh, ssh-copy-id, sshpass