Provision, inspect, and terminate disposable OpenNebula virtual machines through a restricted control plane API. Use when an OpenClaw agent needs a short-liv...
Security Analysis
medium confidenceThe skill matches its stated VM-management purpose, but it gives an agent high-impact VM create/delete authority while the docs show unfinished API authentication and credential hardening.
The stated purpose is coherent, but the exposed API can create VMs and hard-terminate VMs by name or ID, which is high-impact infrastructure mutation.
The workflow encourages cleanup by terminating the VM when complete, but does not require explicit confirmation or constrain deletion to VMs created in the current task.
There is no install spec, but a bundled shell helper uses curl and an API base environment variable that are not declared in the metadata.
The setup reference treats API authentication, secret storage, and network binding restrictions as follow-up hardening even though the API controls VM lifecycle actions.
The deployment model involves OpenNebula credentials and a local service account with sudo access to OpenNebula CLI binaries; this can be appropriate, but needs tight operational controls.
Guidance
Install only if you control the OpenNebula environment and can verify the API is authenticated, network-restricted, and limited to disposable VMs. Before use, confirm the API endpoint, credentials, template allowlist, and deletion safeguards.
Latest Release
v1.0.1
Add source link to GitHub
Popular Skills
Published by @ktfh-claw on ClawHub
