autodl-train
v1.0.0
Operates remote model training jobs on AutoDL Linux servers over SSH. Use when starting a training run, checking whether training is still alive, reviewing G...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and SKILL.md: scripts start/resume training, check status, monitor resources and parse logs. Declared behavior (SSH to host, operate inside a configured project_path, read logs, detect failures) is exactly what the included scripts implement.
Instruction Scope
SKILL.md instructs the agent to run the included scripts and to operate only inside project_path; the scripts follow that model (they create a launcher in the project directory, read log files from configured candidates, run nvidia-smi and /proc reads on the remote host). There is no instruction to collect or transmit files to third-party endpoints beyond SSHing to the target server.
Install Mechanism
No install spec is present (instruction-only skill with local Python scripts). Nothing is downloaded or executed from arbitrary URLs; risk from installs is minimal.
Credentials
The skill requests no required env vars but supports many AUTOCLAW_* environment overrides (host, username, ssh key path, and ssh password among others). Those variables are relevant to SSH-based operation. Note: providing an SSH password in environment is supported (AUTOCLAW_TRAIN_SSH_PASSWORD); this is expected but raises the usual operational risk of password-in-env exposure—prefer SSH keys. All declared env mappings are proportional to the task.
Persistence & Privilege
Skill does not request permanent/global privileges (always=false). Its operations are limited to running commands on a user-provided remote host and creating a launcher file inside the configured project_path. It does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears coherent and implements what it claims: it needs SSH access to the remote AutoDL server and will run commands inside the configured project_path. Before installing or running:
1) Treat SSH credentials as powerful—only grant access to hosts you trust. Prefer SSH keys over putting passwords in environment variables.
2) Verify the truncated helper functions (run_remote_script, build_ssh_command, build_activation_block) to ensure they do not write secrets to disk or leak credentials and that password handling (if used) is secure.
3) Confirm allowed_project_roots in your config so the skill cannot be pointed to an overly broad path (e.g., '/').
4) Test first against a non-production project/host to observe behavior.
5) If you need higher assurance, request the remaining parts of common.py (the SSH/remote-run implementation) so they can be inspected for any unsafe temporary-file or subprocess patterns.
Overall risk is typical for any tool that executes commands on a remote server via SSH.
Like a lobster shell, security has layers — review code before you run it.
