Safety Report

Sysadmin Toolbox

Name: Sysadmin Toolbox
Author: jdrhyne

Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, working with SSL/TLS, managing DNS, testing HTTP endpoints, auditing security, working with containers, writing shell scripts, or asks 'what tool should I use for X'. Source: github.com/trimstray/the-book-of-secret-knowledge

4,799Downloads

42Installs

0Stars

2Versions

API Integration11,971 Security & Compliance3,689 CLI & Shell Tools3,679 Project Management3,041

Security Analysis

high confidence

Clean0.04 risk

The skill is internally consistent with its description — a local read-only reference of sysadmin/devops/security tools and one‑liners, with an optional refresh script that pulls updates from a public GitHub repo.

Feb 11, 20267 files1 concern

Purpose & Capabilityok

The name/description match the delivered files: curated references for CLI/web/security tools and shell one‑liners. The included refresh script and references align with the stated goal of keeping content current from the upstream GitHub repo.

Instruction Scopenote

SKILL.md instructs the agent to load local reference files for relevant queries and documents a manual/weekly refresh via scripts/refresh.sh. Loading and recommending commands (including offensive/security tooling) is expected for a sysadmin/pentest toolbox. The only runtime network action comes from the refresh script (git clone) which is invoked manually or by scheduler if the operator sets it up — the skill does not itself hide any additional file reads or exfiltration steps.

Install Mechanismok

There is no install spec; the skill is instruction/content-only with a small helper script. The refresh script uses 'git clone' from a well-known GitHub repo, extracts README sections with awk, and writes them into the skill directory. That behavior is consistent with the stated purpose.

Credentialsok

The skill requests no environment variables, no credentials, and no special config paths. The refresh script writes into a skill directory (default under the user's home) — expected for content refresh and proportional to the skill's purpose.

Persistence & Privilegeok

The skill does not request always:true and is user-invocable with normal autonomous invocation allowed. It does not modify other skills or system-wide settings. The refresh script updates only the skill's own files.

Guidance

This skill is a straightforward, coherent reference bundle for sysadmins and security practitioners. Things to consider before enabling: 1) The content includes offensive/pentesting tools and commands — that is expected but could be misused; ensure you only run commands you understand and have authorization to use. 2) The refresh.sh script pulls updates from a public GitHub repo and overwrites the skill's reference files — if you plan to use automated refreshes, review or pin the upstream source to avoid unexpected updates. 3) The skill does not request secrets or credentials, but it can recommend commands that perform network or destructive actions; prefer to keep execution of suggested shell commands manual or sandboxed. If you want minimal risk, keep auto-refresh disabled and inspect any updates before running the refresh script.

Latest Release

v1.1.0

Added refresh.sh script for weekly auto-sync from upstream repo

More by @jdrhyne

JIRA

11 stars

Nutrient Openclaw

2 stars

Munger Observer

2 stars

Context Recovery

2 stars

Nudocs

0 stars

GA4 Analytics

0 stars

Published by @jdrhyne on ClawHub