Proxmox
Security checks across malware telemetry and agentic risk
Overview
The skill appears to do what it says—manage Proxmox—but it needs powerful cluster credentials and can disrupt VMs or containers if used carelessly.
Install only if you want the agent to help manage your Proxmox cluster. Use a dedicated least-privilege API token, protect ~/.proxmox-credentials, prefer proper TLS certificates over curl -k, and require explicit confirmation before disruptive actions such as stop, reboot, rollback, or snapshot deletion.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad agent request could start, stop, reboot, or snapshot the wrong Proxmox workload.
The helper can issue Proxmox API mutations that stop guest workloads; this matches the stated purpose but can disrupt services if the wrong VM/container is targeted.
api POST "/nodes/$node/$vmtype/$vmid/status/stop" | jq
Use least-privilege API tokens and require explicit user confirmation before stop, reboot, rollback, delete, or other disruptive operations.
On an untrusted network or with a spoofed host, the Proxmox API token could be exposed or requests could be redirected.
The helper always uses curl with -k, disabling TLS certificate validation while sending the Proxmox authorization header.
curl -ks -X "$method" -H "$AUTH" "$PROXMOX_HOST/api2/json$endpoint" "$@"
Prefer a valid Proxmox TLS certificate and remove or make optional the -k flag unless you intentionally accept the risk for a trusted self-signed local host.
Anyone or any agent action with access to the token can perform the Proxmox actions allowed by that token.
The skill requires Proxmox API credentials; this is expected for the integration, but those credentials can carry significant authority over the configured cluster.
export PROXMOX_TOKEN_ID="user@pam!tokenname"
export PROXMOX_TOKEN_SECRET="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Create a dedicated least-privilege API token, restrict it to the needed nodes/VMs/actions, protect the secret, and rotate it if exposed.
If ~/.proxmox-credentials is modified with malicious shell commands, those commands would run when the helper is invoked.
The helper sources the credentials file as shell, so content in that file is executed rather than merely parsed as key-value data.
if [[ -f ~/.proxmox-credentials ]]; then
  source ~/.proxmox-credentials
fi
Keep the credentials file user-owned with mode 600, do not paste untrusted content into it, and consider parsing key-value pairs instead of sourcing the file.
Users may not see prerequisites and credential expectations from the registry metadata alone.
The registry metadata does not declare runtime tools or credentials even though the provided artifacts use curl/jq and require Proxmox token configuration.
Required binaries (all must exist): none
Env var declarations: none
Primary credential: none
Declare curl, jq, the Proxmox host/token environment variables, and the optional ~/.proxmox-credentials path in metadata.
