安全扫描
OpenClaw
安全
medium confidenceThe skill is internally consistent with its stated purpose (managing a local ssh-agentd via systemd and local HTTP API); it contains a small helper script and instructions that match that functionality, but it has a few environmental assumptions you should verify before use.
评估建议
This skill appears to do what it says: help manage a local ssh-agentd service and call its HTTP API. Before installing or using it: (1) verify the hard-coded paths (e.g., /home/krex/...) and update them to match your environment; (2) review the systemd unit and hosts.yaml on the target machine so you trust what the agent can do; (3) treat SSH_AGENTD_TOKEN like any secret — do not store it in files checked into repos and prefer short-lived tokens with minimal scope; (4) be aware the script unsets...详细分析 ▾
ℹ 用途与能力
The name/description match the provided instructions and script: systemctl commands, local API calls, and connectivity checks. Minor oddity: SKILL.md references hard-coded user-specific paths (/home/krex/...) which makes the skill environment-specific and may not work on other machines or leak path assumptions.
✓ 指令范围
Instructions tell the agent to run systemctl, inspect sockets, and call the local API (including running remote commands through the agent). All of these are coherent with managing ssh-agentd. Note: the skill suggests running privileged commands (sudo) and will invoke operations that can execute arbitrary commands on hosts via the agent's /run endpoint — expected for this tool but powerful, so exercise caution.
✓ 安装机制
No install spec (instruction-only) and only a small helper script are included, so nothing is downloaded or written to disk at install time beyond the provided files.
ℹ 凭证需求
Registry metadata lists no required env vars, but the script and examples use SSH_AGENTD_TOKEN and optionally SSH_AGENTD_URL. This is reasonable (token is optional if API auth is disabled), but the skill should document these env vars in its manifest. The script intentionally unsets proxy env vars/uses --noproxy to reach localhost; while sensible to avoid proxy interception, this behavior can bypass network monitoring in some environments and is worth noting.
✓ 持久化与权限
The skill does not request always:true or persistent privileges. It instructs administrators to run systemctl (sudo) for enabling/restarting the service — appropriate for managing a systemd service. The skill does not modify other skills or global agent settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/3/2
● 可疑
安装命令 点击复制
官方npx clawhub@latest install ssh-agentd-control
镜像加速npx clawhub@latest install ssh-agentd-control --registry https://cn.clawhub-mirror.com
技能文档
适用环境(当前):
- 二进制:
/home/krex/.openclaw/workspace-hermes/ssh-agentd/bin/ssh-agentd - 配置:
/home/krex/.openclaw/ssh-agentd/hosts.yaml - systemd:
ssh-agentd.service - 默认监听:
127.0.0.1:18081
快速检查
sudo systemctl is-enabled ssh-agentd.service
sudo systemctl is-active ssh-agentd.service
ss -ltnp | grep 18081
sudo systemctl status ssh-agentd.service --no-pager -l | sed -n '1,80p'
启停与自启
sudo systemctl daemon-reload
sudo systemctl enable --now ssh-agentd.service
sudo systemctl restart ssh-agentd.service
sudo systemctl stop ssh-agentd.service
API 调用要点
1) 默认使用 Bearer Token 鉴权(若配置启用) 2) 本机常有代理变量,调用本地 API 时必须绕过代理
推荐统一用脚本:scripts/api.sh
示例:运行远程命令
SSH_AGENTD_TOKEN='' \
scripts/api.sh POST /run '{"host":"nas","cmd":"hostname && whoami","timeoutSec":10}'
示例:查看会话与指标
SSH_AGENTD_TOKEN='' scripts/api.sh GET /sessions
SSH_AGENTD_TOKEN='' scripts/api.sh GET /metrics
SSH_AGENTD_TOKEN='' scripts/api.sh GET /health
常见故障
1) 返回 401 unauthorized
- 检查
apiAuth.enabled/token配置 - 确认请求头
Authorization: Bearer
2) 调本地 API 返回 502
- 原因:请求被系统代理劫持
- 处理:用
--noproxy '*'或临时 unset 代理变量(脚本已内置)
3) run 失败且提示 host key/known_hosts
- 原因:v1 已启用 HostKey 校验
- 处理:把目标主机 key 加入
known_hosts
安全约束
- 不要把真实 token/密码写进 skill 文件。
- 不要把
hosts.yaml放进仓库。 - 修改服务配置后必须重启并验证
status + /health + /sessions。
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制