ClawHub

kickstart

v1.0.0

Generate and manage Kickstart unattended installation configs for automated setup of RHEL/Fedora/CentOS systems with partitioning, networking, users, package...

0· 77·0 current·0 all-time
bywei dong@weidongkl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Kickstart unattended-install configs) match the SKILL.md content: it provides Kickstart file templates, partition/network/user/package examples, and references to Kickstart validation tools (system-config-kickstart, pykickstart, ksvalidator). No unrelated credentials/binaries are requested.
Instruction Scope
The SKILL.md stays within the domain of kickstart creation/validation and post-install scripting. It does include potentially destructive examples (clearpart, partitioning, autopart) and system-modifying commands in %post sections (dnf update, package installs, editing /etc/ssh/sshd_config, systemctl restart sshd). Those are expected for this domain but are powerful — following examples verbatim will modify or wipe target systems.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded artifacts. The SKILL.md suggests using platform package managers (dnf) to install tools on target systems; the skill itself does not fetch or execute external code during install.
Credentials
The skill requests no environment variables or credentials. However, the examples show embedding sensitive data (root passwords in plaintext, encrypted hashes, SSH keys) directly into Kickstart files and reference network locations (http/ftp/nfs) for ks.cfg — this is expected for Kickstart usage but poses operational security risks if used carelessly (e.g., placing secrets in publicly accessible HTTP endpoints or committing ks files with plaintext passwords).
Persistence & Privilege
No 'always' privilege requested; model invocation is allowed (default) which is normal. The skill does not declare or require modifying other skills or system-wide agent settings.
Assessment
This skill appears to be what it says — a collection of Kickstart templates and how-to instructions. Before using it: (1) never run examples verbatim on production hardware — partitioning examples (clearpart, part, autopart) will wipe disks; test in VMs. (2) Do not embed plaintext passwords or private keys into ks files or host them on public HTTP endpoints; prefer encrypted passwords and secure distribution (secure HTTP, internal webserver, or configuration management). (3) Review all %post scripts thoroughly — they run as root during install and can change services or install packages. (4) If you intend the agent to execute commands on your machine, limit its privileges and inspect commands first. (5) Inspect the truncated portion of the SKILL.md (the file was truncated in the bundle) before trusting it — ensure there are no instructions that exfiltrate data or contact untrusted endpoints. If you need reduced risk, use the templates as reference only and implement them manually in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

anacondavk974g7djdqjavprmx8v9yc1rf583e4vhautomatedvk974g7djdqjavprmx8v9yc1rf583e4vhinstallationvk974g7djdqjavprmx8v9yc1rf583e4vhkickstartvk974g7djdqjavprmx8v9yc1rf583e4vhlatestvk974g7djdqjavprmx8v9yc1rf583e4vhrhelvk974g7djdqjavprmx8v9yc1rf583e4vh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments