📦 Huawei Device Inspector — 华为设备巡检

Name: Huawei Device Inspector — 华为设备巡检
Rating: 1

v1.0.0

通过SSH自动巡检华为交换机与路由器，一键完成状态检查、告警收集与安全风险排查，生成可视化健康报告。

1· 108·1 当前·1 累计

by @v585 (聿歆)

网络工具自动化安全系统工具测试工具

下载技能包

最后更新

2026/3/21

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

可疑

medium confidence

NULL

评估建议

This skill does what it says (connects to Huawei devices over SSH and runs inspection commands), but it includes hard-coded device IPs and plaintext credentials inside SKILL.md. Do NOT run it as-is on your network. Before installing: - Treat the listed IPs/credentials as potentially sensitive and either remove them or confirm they are safe test accounts. - Replace embedded credentials with user-supplied secrets (environment variables, secure prompt, or secret store) and declare them in the skill...

详细分析 ▾

ℹ 用途与能力

The name/description (Huawei device SSH inspection) aligns with the instructions to SSH and run display commands. However, the SKILL.md embeds concrete device IPs and plaintext credentials instead of asking the user to provide or store credentials securely; that is unexpected for a reusable skill.

⚠ 指令范围

The instructions tell the agent to spawn interactive SSH sessions via pexpect and run many device commands (expected). But they also include hard-coded management addresses and passwords, and advise disabling host key checking (-o StrictHostKeyChecking=no). The instructions do not specify how credentials should be supplied, validated, or limited, and they would cause the agent to connect to specific hosts automatically if run as-is.

✓ 安装机制

This is an instruction-only skill with no install spec; it lists reasonable runtime dependencies (Python3 + pexpect, optional sshpass). No downloads or archive extracts are present.

⚠ 凭证需求

requires.env is empty but the SKILL.md contains plaintext usernames and passwords and specific management IPs. The skill requests no declared secrets while expecting access to device credentials — that mismatch is disproportionate and increases risk (hard-coded secrets, unclear secret sourcing).

✓ 持久化与权限

The skill is not always-enabled and has no install-time persistence. It does not request system-wide configuration changes or elevated platform privileges.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/21

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install huawei-device-inspector

镜像加速npx clawhub@latest install huawei-device-inspector --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库