automateyournetwork/pyats-junos-system
workspace/skills/pyats-junos-system/SKILL.md
JunOS system operations via pyATS — chassis health, hardware inventory, system info, NTP, SNMP, files/logs, firewall counters, DDoS protection, services accounting. Use when checking Juniper chassis alarms, auditing hardware inventory, reviewing system uptime, or inspecting JunOS firewall counters.
$ install --global
skillsauthnpx skillsauth add automateyournetwork/netclaw pyats-junos-systemInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:30 AM4.4s1 file scanned
SKILL.md
- name:
- pyats-junos-system
- description:
- JunOS system operations via pyATS — chassis health, hardware inventory, system info, NTP, SNMP, files/logs, firewall counters, DDoS protection, services accounting. Use when checking Juniper chassis alarms, auditing hardware inventory, reviewing system uptime, or inspecting JunOS firewall counters.
- license:
- Apache-2.0
- user-invocable:
- true
- { "openclaw":
- { "requires": { "bins": ["python3"], "env": ["PYATS_TESTBED_PATH"] } } }
JunOS System Operations via pyATS
Testbed Requirements
Juniper devices in the pyATS testbed with os: junos:
devices:
juniper-rtr-01:
os: junos
type: router
connections:
cli:
protocol: ssh
ip: 10.0.0.1
port: 22
credentials:
default:
username: "%ENV{NETCLAW_USERNAME}"
password: "%ENV{NETCLAW_PASSWORD}"
How to Call
PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"<command>"}'
Commands
Chassis Health & Hardware
Chassis Alarms
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis alarms"}'
Active alarms on the chassis. Check first — any active alarm indicates a hardware or environmental issue.
Chassis Environment
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis environment"}'
Temperature, fan speed, power supply status across all components. Variants:
show chassis environment fpc— FPC-specific temperature and statusshow chassis environment routing-engine— RE temperature and statusshow chassis environment {component}— Specific component (e.g.,cb0,pem0)
Chassis FPC (Flexible PIC Concentrators)
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis fpc"}'
FPC slot status, state (Online/Offline), temperature, CPU/memory utilization. Variants:
show chassis fpc detail— Extended FPC details including uptimeshow chassis fpc pic-status— PIC status within each FPC slot
Chassis PIC
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis pic fpc-slot 0 pic-slot 0"}'
Specific PIC details — port types, speeds, operational state.
Chassis Hardware
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis hardware"}'
Hardware inventory: model, serial numbers, descriptions for all components (RE, FPC, PIC, PEM, fan trays). Variants:
show chassis hardware detail— Extended details with part numbersshow chassis hardware detail no-forwarding— Skip forwarding engine detailsshow chassis hardware extensive— Maximum hardware detailshow chassis hardware extensive no-forwarding— Extensive without forwarding
Chassis Fabric
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis fabric summary"}'
Switch fabric plane status. Also: show chassis fabric plane for per-plane details.
Chassis Firmware
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis firmware"}'
Firmware versions on all components. Also: show chassis firmware no-forwarding.
Chassis Power
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis power"}'
Power supply status, input/output watts, capacity, redundancy mode.
Chassis Routing Engine
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show chassis routing-engine"}'
RE slot, status, model, memory, CPU utilization, uptime, load averages. Also: show chassis routing-engine no-forwarding.
System Information
Version
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show version"}'
JunOS version, hostname, model, serial number. Variants:
show version detail— Build info, kernel versionshow version detail no-forwarding— Skip forwarding engineshow version invoke-on all-routing-engines— Version on all REs (dual RE systems)
System Uptime
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system uptime"}'
Current time, uptime, last configured timestamp, boot time, protocol daemon restart. Also: show system uptime no-forwarding.
System Information
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system information"}'
Hardware model, serial, hostname, domain.
System Users
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system users"}'
Currently logged-in users — terminal, login time, idle time, source IP.
System Commit History
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system commit"}'
Configuration commit history — who committed, when, commit comment.
System Storage
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system storage"}'
Filesystem usage — /dev/gpt, /var, /config. Also: show system storage no-forwarding.
System Buffers
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system buffers"}'
Kernel buffer pool statistics. Also: show system buffers no-forwarding.
System Queues
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system queues"}'
Packet queue statistics. Also: show system queues no-forwarding.
System Statistics
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system statistics"}'
Protocol statistics (IP, ICMP, TCP, UDP counters). Also: show system statistics no-forwarding.
System Connections
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system connections"}'
Active TCP/UDP connections on the RE — useful for verifying management sessions.
System Core Dumps
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show system core-dumps"}'
Core dump files — indicates past crashes. Also: show system core-dumps no-forwarding.
Task Memory & Replication
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show task memory"}'
Routing protocol daemon memory usage per task (BGP, OSPF, IS-IS, etc.). Also: show task replication for GRES/NSR replication state.
NTP
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show ntp associations"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show ntp status"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show configuration system ntp"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show configuration system ntp | display set"}'
SNMP
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show snmp statistics"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show snmp mib walk system"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show configuration snmp"}'
Files & Logs
File Listing
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"file list"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"file list /var/log detail"}'
Browse filesystem — check log sizes, config backups, core dumps.
Log Files
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show log messages"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show log messages | match OSPF"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show log messages | match BGP | except Peer"}'
Flexible log filtering with match/except pipes.
Firewall Filters
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show firewall"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show firewall log"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show firewall counter filter my-filter block"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show firewall counter filter my-filter my-counter"}'
DDoS Protection
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show ddos-protection statistics"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show ddos-protection protocols ospf"}'
Services Accounting
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show services accounting status"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show services accounting flow"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show services accounting usage"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show services accounting memory"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show services accounting errors"}'
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show services accounting aggregation template template-name my-template extensive"}'
Security
pyats_run_show_command '{"device_name":"juniper-rtr-01","command":"show security policies hit-count"}'
Workflows
1. JunOS Chassis Health Check
pyats_list_devices → identify JunOS devices
→ show chassis alarms → active alarms (CRITICAL if any)
→ show chassis environment → temperature, fans, power
→ show chassis fpc → FPC online/offline, CPU/memory
→ show chassis routing-engine → RE status, load averages
→ show chassis hardware → hardware inventory baseline
→ Severity-sort → GAIT
2. JunOS System Audit
show version → JunOS version, model, serial
→ show system uptime → device stability
→ show system commit → recent config changes
→ show system storage → disk usage (>80% = WARNING)
→ show system core-dumps → crash history (any = WARNING)
→ show ntp associations → time sync (stratum, offset)
→ Cross-reference version with NVD CVE → vulnerability exposure
→ GAIT
3. JunOS Security Posture
show firewall → active filters
→ show firewall log → recent filter hits
→ show ddos-protection statistics → DDoS protection state
→ show security policies hit-count → policy utilization
→ show snmp statistics → SNMP polling load
→ GAIT
Integration with Other Skills
| Skill | Integration |
|-------|-------------|
| junos-network | JunOS MCP (PyEZ/NETCONF) for config management; pyATS for operational CLI show commands |
| pyats-junos-interfaces | Interface-specific commands complement chassis/system view |
| pyats-junos-routing | Routing protocol commands complement system/hardware view |
| pyats-health-check | Extend standard health checks to include JunOS chassis metrics |
| netbox-reconcile | Cross-reference chassis hardware (serial, model) with NetBox DCIM |
| nvd-cve | Scan JunOS versions from show version against NVD |
| gait-session-tracking | Every command logged in GAIT |
Guardrails
- All commands are read-only — show, file list, and status commands only
- Always check
show chassis alarmsfirst — active alarms take priority - Cross-reference with SoT — compare hardware inventory with NetBox/Nautobot
- Record in GAIT — every command execution must be logged
Related Skills
automateyournetwork/humanrail-escalation
testing
VerifiedTrustedCommunity
Human-in-the-loop escalation via HumanRail — route low-confidence agent decisions, pre-destructive operation approvals, and ambiguous incident tickets to real human engineers. Human answers are verified and returned as structured output. Workers are paid via Lightning Network. Use when the agent is uncertain, when a destructive change needs explicit human sign-off beyond a ServiceNow CR, or when an ambiguous ticket requires human triage before automated handling.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-node-operations
testing
VerifiedTrustedCommunity
Manage EVE-NG node lifecycle. Use when listing nodes, checking runtime state, creating or deleting nodes, starting or stopping nodes or whole labs, verifying node details, or wiping node NVRAM back to factory defaults.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-lab-management
development
VerifiedTrustedCommunity
Manage EVE-NG labs and platform inventory. Use when listing labs, checking lab metadata, creating or deleting labs, importing or exporting lab archives, checking EVE-NG health or auth, or verifying available node images before build work.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-console-ops
tools
VerifiedTrustedCommunity
Execute live CLI commands on running EVE-NG nodes over telnet console. Use when running show commands, making live config changes, verifying protocol state, testing connectivity, checking console readiness, or interacting with IOS, Junos, VPCS, EOS, or NX-OS nodes.
491SKILL.mdUpdated May 12, 2026