Code PluginExecutes codesource-linked

SSH Tools

OpenClaw plugin for SSH key management and diagnostics.

Community code plugin. Review compatibility and verification before install.

marxbiotech-ssh-tools · runtime id marxbiotech-ssh-tools

Install

openclaw plugins install clawhub:marxbiotech-ssh-tools

Latest Release

Version 1.0.0

Download zip

Compatibility

{
  "builtWithOpenClawVersion": "1.0.0",
  "pluginApiRange": ">=1.0.0"
}

Capabilities

{
  "bundledSkills": [],
  "capabilityTags": [
    "executes-code"
  ],
  "channels": [],
  "commandNames": [],
  "configSchema": true,
  "configUiHints": false,
  "executesCode": true,
  "hooks": [],
  "httpRouteCount": 0,
  "materializesDependencies": false,
  "providers": [],
  "runtimeId": "marxbiotech-ssh-tools",
  "serviceNames": [],
  "setupEntry": false,
  "toolNames": []
}

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The code and scripts implement SSH key generation, permission fixes, symlink creation, known_hosts population, and GitHub connectivity checks — all consistent with the described purpose. However, the SKILL.md declares required CLI tools (ssh-keygen, ssh-keyscan, ssh) but the registry metadata lists no required binaries; that's an inconsistency between claimed runtime requirements and the declared metadata.

Instruction Scope

The runtime instructions and code modify filesystem state: they create /root/.openclaw/workspace/.ssh, create or overwrite the symlink /root/.ssh, and may remove an existing /root/.ssh directory. Those actions are within the described SSH-management scope but are potentially destructive (they remove/replace a real ~/.ssh). The scripts also run ssh-keyscan and ssh to contact github.com — expected for GitHub integration, but these make network calls to an external host. The SKILL.md states scripts run 'without the AI agent' which matches the code (native execFile/#!/bin/bash), so no hidden LLM steps are present.

✓

Install Mechanism

There is no install spec (instruction-only in registry), and the package contains local scripts and TypeScript code — no downloads from external URLs or package installs. This is lower risk from an install-source perspective.

ℹ

Credentials

The skill requires no secrets or credentials; it optionally reads MOLTBOT_EMAIL to annotate the key and OPENCLAW_HOME to locate the workspace (the latter is a platform variable). That is proportionate. Minor mismatch: OPENCLAW_HOME is used but not declared in the registry metadata; MOLTBOT_EMAIL is documented as optional and is reasonable.

Persistence & Privilege

The commands run with filesystem write privileges for the agent user: creating directories, changing permissions, creating/removing symlinks, and removing ~/.ssh if it's a real directory. While always:false and requireAuth:true limit automatic global inclusion, these file-modifying actions are privileged within the container and can destroy an existing SSH configuration if you run the command without backing up. No evidence of modifying other plugins or system-wide settings beyond the described SSH paths.

What to consider before installing

This skill appears to do what it says (generate and check SSH keys and test GitHub SSH). Before installing/running: 1) ensure the container has openssh-client (ssh-keygen, ssh-keyscan, ssh) as the SKILL.md requires — the registry metadata does not declare these binaries; 2) back up any existing ~/.ssh on the agent/container host because the skill may remove or replace that directory when creating the symlink; 3) expect the skill to make network calls to github.com (ssh-keyscan and ssh -T git@github.com) — if you don't want outbound SSH connections, do not run it; 4) review the included scripts (they are present in the package) and test in an isolated environment if you are unsure. If these behaviors are acceptable and you have backups, the functionality is coherent; otherwise treat it as risky.

✗

src/ssh-check.ts:12

Shell command execution detected (child_process).

✗

src/ssh-setup.ts:12

Shell command execution detected (child_process).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

{
  "hasProvenance": false,
  "scanStatus": "pending",
  "scope": "artifact-only",
  "sourceCommit": "172ec47851ae8a6516032204dce3182fc800e077",
  "sourceRepo": "marxbiotech/moltbot-app",
  "sourceTag": "172ec47851ae8a6516032204dce3182fc800e077",
  "summary": "Validated package structure and linked the release to source metadata.",
  "tier": "source-linked"
}

ssh-tools

OpenClaw plugin for SSH key management and diagnostics.

Commands

Command	Description
`/ssh_setup`	Generate ed25519 key pair, set permissions, create symlink, configure known_hosts
`/ssh_check`	Diagnose SSH key health — symlink, permissions, GitHub connectivity

Requirements

The container must have these CLI tools installed:

ssh-keygen — key generation (part of openssh-client)
ssh-keyscan — known_hosts population (part of openssh-client)
ssh — connectivity testing (part of openssh-client)

These are installed in the Dockerfile via apt-get install -y openssh-client.

Environment Variables

Variable	Required	Description
`MOLTBOT_EMAIL`	No	Email for SSH key comment (e.g. `user@example.com`). Falls back to `openclaw-agent@github`

How It Works

Both commands use registerCommand() which executes without the AI agent — the shell script runs directly, no LLM involved.

/ssh_setup creates keys at /root/.openclaw/workspace/.ssh/, symlinks /root/.ssh to it, and adds github.com to known_hosts. Keys persist across container restarts via R2 backup.
/ssh_check verifies the symlink, file permissions, key fingerprint, and tests ssh -T git@github.com.