ClawHub

Config Management

v1.0.0

Configuration backup, drift detection, and golden config validation across Cisco IOS-XE/NX-OS, Juniper JunOS, and Arista EOS. Covers running vs startup compa...

0· 90·2 current·2 all-time
byVahagn Madatyan@vahagn-madatyan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (backup, drift detection, golden-config validation) align with the provided instructions which are device CLI commands and normalization/diff guidance. One minor inconsistency: the SKILL.md's embedded openclaw metadata lists a required binary 'ssh' while the registry metadata earlier showed no required binaries — functionally, SSH access is expected for this skill.
Instruction Scope
SKILL.md contains explicit, vendor-specific read and write CLI steps (show, diff, copy/commit/rollback). Read-only checks are clearly separated from write operations (marked with ⚠️). The instructions do not attempt to read unrelated local files or hidden endpoints. They do instruct sending configs to archival endpoints (TFTP/SCP/flash), which is expected for backups but requires the user to supply and trust those servers.
Install Mechanism
No install spec or code is included (instruction-only), so nothing will be downloaded or written to disk by the skill itself. This is the lowest-risk install model and appropriate for a procedural playbook.
Credentials
The skill declares no required environment variables, which is coherent for an instruction-only playbook that expects the user/agent to supply device credentials at runtime. However, the practical operation of the skill requires SSH/console access and credentials for devices and for archival servers (SCP/TFTP), and those sensitive values are not declared in requires.env — users should ensure credentials are provided securely and limited in scope. There are no unexplained or unrelated credential requests in the instructions.
Persistence & Privilege
The skill does not request always:true and does not modify agent-wide settings. It is user-invocable and may be invoked autonomously (platform default), which is expected for reusable skills; this alone is not a concern given other dimensions look coherent.
Assessment
This is an instruction-only network configuration playbook and appears coherent with its stated purpose. Before using it: (1) run read-only checks first to validate usefulness; (2) do not hand over broad, long-lived credentials — provide scoped device accounts and temporary access where possible; (3) prefer secure archival transports (SCP/SFTP over TFTP) and ensure archival servers are trusted and access-controlled; (4) confirm maintenance windows and authorization before executing any ⚠️ WRITE steps (replace/commit/rollback); (5) if you plan to let an agent run autonomously, restrict its permissions and audit its actions. The only minor inconsistency is that SKILL.md metadata indicates 'ssh' as a required binary while registry metadata did not list required binaries — functionally SSH access is required for the skill to operate.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fmyyshgpx9egasty58fmq1583djdp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments