by 安全扫描
OpenClaw
安全
medium confidenceThe skill's files and instructions are coherent with a Docker-VM health-checker: it uses SSH to run remote diagnostic commands and optionally prunes unused Docker resources; nothing requested is disproportionate, but there are a few security-practice concerns you should consider before running it.
评估建议
This skill appears to do what it says, but take these precautions before installing/using it:
- Do not store private key material in project files. The skill saves the SSH key path to TOOLS.md; avoid writing actual private keys and consider not storing the path in a repo (add TOOLS.md to .gitignore or keep credentials out of the workspace). Prefer passing VM_HOST/VM_USER/SSH_KEY as environment variables at runtime.
- Host-key verification is disabled (ssh -o StrictHostKeyChecking=no). That avoi...详细分析 ▾
✓ 用途与能力
The name/description match the implementation: the script SSHes to a Docker-based VM and gathers system, Docker, and DB metrics and can prune images/build cache. No unrelated credentials or services are requested.
ℹ 指令范围
SKILL.md instructs the agent to read and append VM_HOST, VM_USER, and SSH_KEY (path) to TOOLS.md in the workspace. Persisting VM connection details in a project file is a design choice but can leak hostnames and key paths; the script then performs remote docker/mysql/psql commands and may run destructive cleanup when 'cleanup' is selected. The instructions suppress stderr in several places which can hide errors.
✓ 安装机制
No install spec; this is instruction-only with a single included bash script. Nothing is downloaded or written to disk by an installer step beyond the requested TOOLS.md edit.
ℹ 凭证需求
The skill declares no required env vars but expects VM_HOST, VM_USER, and SSH_KEY at runtime (and asks to save them to TOOLS.md). Those variables are expected for SSH-based checks; however storing the SSH_KEY path in a workspace file and relying on an on-disk private key has privacy implications. The script uses ssh -i <key> so the private key file will be used by the SSH client (expected for SSH access).
ℹ 持久化与权限
always:false and normal invocation. The only persistent behavior is appending connection info to TOOLS.md (the skill does not modify other skills or global agent settings). Persisting host/key info in a repository/workspace file is potentially sensitive and should be managed (e.g., .gitignore or avoid storing key paths).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/3/18
Improved ClawHub description — clearer use cases and trigger phrases
● 可疑
安装命令
点击复制官方npx clawhub@latest install tonic-vm-check
镜像加速npx clawhub@latest install tonic-vm-check --registry https://cn.longxiaskill.com