Bundle Pluginsource linked

ManageLMv1.0.0

Manage Linux & Windows servers from OpenClaw with natural language

@managelm/openclaw-plugin·runtime @managelm/openclaw-plugin·by @managelm

openclaw bundles install clawhub:@managelm/openclaw-plugin

Latest release: v1.0.0Download zip

Capabilities

Bundle format

tar.gz

Compatibility

Built With Open Claw Version

2026.4.5

Min Gateway Version

2026.3.24-beta.2

Plugin Api Range

>=2026.3.24-beta.2

Plugin Sdk Version

2026.4.5

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the implemented behavior: the plugin calls a ManageLM portal API (default app.managelm.com) and exposes tools for listing agents, running tasks, audits, searches, etc. The plugin config schema exposes portalUrl, apiKey, and webhookSecret — all expected for this purpose.

ℹ

Instruction Scope

SKILL.md instructs only to set plugin config (API key, optional portal URL, webhook secret) and to trust/enable the plugin and its tools. Those operations are within scope, but the instructions ask administrators to set plugins.allow and tools.profile to 'full' which is a gateway-wide change — this grants broad tooling access and should be applied intentionally.

✓

Install Mechanism

There is no external download/install script in the manifest; this is an instruction+plugin bundle with compiled JS included in dist/. No remote archives or shortened URLs are fetched during install.

✓

Credentials

The plugin requires a single service credential (ManageLM API key) defined in plugin config (not as environment variables). No unrelated secrets or external credentials are requested. The optional webhook secret is appropriate for verifying incoming webhook HMACs.

ℹ

Persistence & Privilege

always is false and the skill is user-invocable (normal). However, the setup steps require adding the plugin to plugins.allow and enabling tools (potentially via tools.profile="full"). These gateway-level permissions enable the plugin to be used by agents and should be granted only if you trust the ManageLM service and the plugin.

Assessment

This plugin appears to do what it says: it forwards commands and queries between OpenClaw and a ManageLM portal using an API key stored in plugin config. Before installing: (1) Only install if you trust ManageLM (or your self-hosted portal); the plugin can trigger tasks on your servers via the portal. (2) Create and use a scoped API key with the minimum permissions required. (3) Prefer enabling only the specific managelm tools you need rather than setting tools.profile="full" if possible. (4) If you enable webhooks, set the webhookSecret and verify that the gateway endpoint /managelm/webhook is properly restricted. (5) Review the included dist/index.js (already present in the package) and consider hosting the portal yourself if you need stronger audit/control. (6) Monitor gateway and portal logs after enabling the plugin. If you need higher assurance, request the plugin source or an independent code audit.

Verification

Tier

source linked

Scope

artifact only

Summary

Validated package structure and linked the release to source metadata.

Source

github.com/managelm/openclaw-plugin

Commit

2642f456b367

Tag

main

Provenance

Scan status

clean

ManageLM — OpenClaw Plugin

Manage your Linux and Windows servers from OpenClaw using natural language.

Install

openclaw plugins install managelm

Or from a downloaded tarball:

openclaw plugins install managelm-openclaw-1.0.0.tar.gz

Setup

# 1. Set your API key (from Portal > Settings > MCP & API)
openclaw config set plugins.entries.managelm.config.apiKey "mlm_ak_your_key"

# 2. Trust the plugin
openclaw config set plugins.allow '["managelm"]'

# 3. Enable tools for the agent
openclaw config set tools.allow '["managelm"]'
openclaw config set tools.profile "full"

# 4. Restart the gateway

Self-hosted portals — also set:

openclaw config set plugins.entries.managelm.config.portalUrl "https://portal.example.com"

Tools (17)

Server management

Tool	Description
`managelm_agents`	List all servers with status, health, OS, IP
`managelm_agent_info`	Detailed info for one server
`managelm_run`	Run a task (skill + target + instruction)
`managelm_answer_task`	Answer an interactive task question

Task tracking

Tool	Description
`managelm_task_status`	Check task status
`managelm_task_history`	Recent tasks for a server
`managelm_task_changes`	View file diffs from a task
`managelm_revert_task`	Undo file changes

Audits & scans

Tool	Description
`managelm_security_audit`	Run security audit
`managelm_inventory_scan`	Run inventory scan

Search (read-only, no commands dispatched)

Tool	Description
`managelm_search_agents`	Search by health, OS, status, group
`managelm_search_inventory`	Search packages, services, containers
`managelm_search_security`	Search security findings
`managelm_search_ssh_keys`	Search SSH keys
`managelm_search_sudo`	Search sudo privileges

Utility

Tool	Description
`managelm_account`	Account info, plan, usage
`managelm_send_email`	Send email report

Example usage

> List my servers
> Install nginx on web-prod-1
> Which servers have CPU above 80%?
> Run a security audit on db-primary
> Show me all critical security findings
> Who has SSH access to production servers?

How it works

OpenClaw                      ManageLM Portal            Agent (on host)
┌──────────────────┐  REST    ┌──────────────┐   WS     ┌──────────────┐
│  Agent (LLM)     │ ───────► │  Portal API  │ ───────► │  Local LLM   │
│  Plugin (17)     │ ◄─────── │  /api/       │ ◄─────── │  (executes)  │
└──────────────────┘          └──────────────┘          └──────────────┘

Webhooks (optional)

openclaw config set plugins.entries.managelm.config.webhookSecret "whsec_..."

Point a ManageLM webhook to your gateway's /managelm/webhook.

Requirements

OpenClaw with gateway running
ManageLM Portal — managelm.com or self-hosted
ManageLM Agent — on each managed server
API Key — from Portal > Settings > MCP & API

License

Apache 2.0