sshexec
v1.0.1A skill to execute SSH commands on remote servers, supporting both password and key-based authentication. It includes error handling and logging for command...
⭐ 0· 397·0 current·1 all-time
byleonard.w@xlbbb-cn
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (SSH command execution with password or key auth) matches the provided Python script (ssh_exec.py). The script uses paramiko to open SSH connections, run a command, and return/log output—exactly what the skill claims.
Instruction Scope
SKILL.md and the script limit behavior to connecting to a specified host and executing a single command. However, the documentation examples show passing passwords on the command line (exposed to other local processes/system process listings) and the script logs stdout/stderr (which may contain sensitive data). The script also honors allow_agent=True so it may use local SSH agent keys—this is expected but worth noting.
Install Mechanism
This is instruction-only (no installer). The script depends on the paramiko library and will abort if it's missing; recommending 'pip install paramiko' is expected and proportional. No remote downloads, archive extraction, or nonstandard install paths are present.
Credentials
The skill requests no environment variables or credentials from the platform. It operates using credentials you provide at runtime (password or path to a private key) and may use the local SSH agent—these are appropriate for an SSH executor.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system-wide agent settings. It runs as an on-demand script and does not write configuration outside normal logging.
Assessment
This skill appears to do what it says, but exercise normal SSH security hygiene before installing or using it: avoid passing passwords on the command line (use SSH agent or protected key files instead), protect private key files and their passphrases, be mindful that command output is logged (may contain secrets), and prefer enabling --strict-host-key to detect MITM. Because the package source is 'unknown', only run this on trusted machines and review or sandbox the script first; install paramiko from the official PyPI repository and verify integrity before use.Like a lobster shell, security has layers — review code before you run it.
latest
SSH Command Executor
This skill allows you to execute SSH commands on remote servers securely. It supports both password and key-based authentication methods, making it versatile for various use cases.
Features
- Authentication: Supports both password and key-based authentication.
- Command Execution: Execute any command on the remote server and retrieve the output.
- Error Handling: Provides detailed error messages for failed command executions.
- Logging: Logs all executed commands and their results for auditing purposes.
Prerequisites
- SSH Client: Ensure you have an SSH client installed on your local machine.
- Remote Server Access: You must have access to the remote server with the necessary credentials.
- Python Environment: This skill is implemented in Python, so ensure you have Python installed on your local machine.
Usage
To execute a command on a remote server using password authentication:
python3 skills/sshexec/ssh_exec.py --host "remote-server.com" --user "username" --password "password" --command "ls -la"
To execute a command using key-based authentication:
python3 skills/sshexec/ssh_exec.py --host "remote-server.com" --user "username" --key "path/to/private/key" --command "ls -la"
Error Handling
The skill will provide detailed error messages if the command execution fails, such as authentication errors, connection issues, or command errors. All errors will be logged for further analysis.
Future Expansion
- Support for executing multiple commands in a single session.
- Integration with task schedulers for automated command execution.
- Enhanced logging with timestamps and command output storage.
Comments
Loading comments...