skill-cross-agent-v1.0.0.tar
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill is meant for SSH-based multi-machine agent control, but it gives broad remote command/file access, stores SSH passwords locally, and disables SSH host verification.
Install only if you intentionally want SSH-based control of trusted machines on a trusted LAN. Do not save SSH passwords unless you accept the local exposure risk. Verify target host keys, and be especially careful with the exec, get, and put commands because they can affect arbitrary remote data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or through a misleading prompt, this could modify, delete, or expose data on the remote machine using the supplied SSH account.
The script executes a caller-supplied command on a remote machine over SSH, creating an unbounded remote shell capability rather than a scoped task API.
sshpass -p "$TARGET_PASS" ssh ... "${TARGET_USER}@${TARGET_IP}" "$COMMAND" 2>&1
Use this only with trusted targets, consider disabling or removing the exec command, and add explicit user confirmation or an allowlist for remote commands.
A saved SSH password could be read by local users, backups, logs, or other processes with file access, giving access to the remote account.
The skill saves the SSH password as plaintext in ~/.config/openclaw/cross-agent.conf and the show function prints the config file contents.
echo "default_pass=$2" >> "$CONFIG_FILE" ... cat "$CONFIG_FILE"
Avoid saving passwords; prefer SSH keys with an agent or an OS secret store, restrict file permissions, and clear saved credentials after use.
A spoofed or man-in-the-middle host on the LAN could receive task messages and SSH login attempts intended for the real target.
The task-sending SSH connection disables host-key verification and avoids recording known hosts, so the remote agent identity is not strongly verified.
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null
Enable SSH host-key checking, verify host fingerprints before first use, and avoid sending sensitive tasks or files until the target identity is confirmed.
Installing can change local system packages and requires elevated privileges if dependencies are missing.
The installer visibly asks before using sudo to install OS packages, but this install behavior is not represented by a registry install spec.
read -p "是否自动安装? (y/n) " ... sudo apt update && sudo apt install -y sshpass openssh-client netcat-openbsd iputils-ping
Review the installer before running it, install dependencies through your normal package-management process, and ensure the registry metadata declares required binaries.
