Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self-Hosting Mastery
v1.0.0Complete self-hosting and homelab operating system. Deploy, secure, monitor, and maintain self-hosted services with production-grade reliability. Use when se...
⭐ 0· 376·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name and description match the SKILL.md content: an in-depth homelab/self-hosting guide covering OS selection, Proxmox, Docker, backup and monitoring. There are no unexpected required env vars, binaries, or config paths declared that would contradict the stated purpose.
Instruction Scope
The SKILL.md contains concrete, high‑privilege instructions (editing /etc files, updating GRUB, enabling IOMMU, creating LXC/VMs) appropriate for a homelab guide, but it also instructs use of remote install scripts (e.g., curl -fsSL https://get.docker.com | sh) and makes direct system modification recommendations. Those actions are risky if executed blindly by an agent or an untrusted user; the skill gives agent-level operational directives that could modify a host system.
Install Mechanism
There is no install spec (instruction-only), so nothing is written by the skill itself. However, the instructions reference fetching software from external locations (proxmox repo, get.docker.com) and recommend piping remote scripts to shell. While common in onboarding docs, this is a supply‑chain risk and worth human review before execution.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md does not request unrelated secrets or external credentials; filesystem edits referenced are relevant to system setup (APT repos, GRUB, Traefik acme.json).
Persistence & Privilege
The skill is not marked always:true and does not request persistent presence or to modify other skills or global agent config. It does, however, instruct operations that require root on target hosts — appropriate for the domain but high privilege on the underlying system.
What to consider before installing
This skill reads like a thorough self‑hosting/homelab handbook and is internally consistent with that purpose, but you should treat it like a set of operator instructions rather than an innocuous helper. Key points: 1) Provenance unknown — the owner and homepage are not provided; prefer well‑known authors for system‑level guides. 2) Review every command before running, especially anything using curl | sh or adding third‑party APT repos — piping remote scripts executes code you haven't audited. 3) Test on an isolated VM or nonproduction device first; keep backups and snapshots. 4) Prefer official distro packages or pinned releases rather than running unverified install scripts. 5) If you intend the agent to act autonomously, disable autonomous execution or require explicit human confirmation before it runs privileged commands. If you want me to, I can: (a) extract all shell commands from SKILL.md for offline review, (b) list every external URL referenced so you can audit them, or (c) produce safer alternative commands that avoid piping remote scripts to sh.Like a lobster shell, security has layers — review code before you run it.
devopsvk97exknnyt54f8p3h2exp6hc9n81x1mgdockervk97exknnyt54f8p3h2exp6hc9n81x1mghomelabvk97exknnyt54f8p3h2exp6hc9n81x1mginfrastructurevk97exknnyt54f8p3h2exp6hc9n81x1mglatestvk97exknnyt54f8p3h2exp6hc9n81x1mglinuxvk97exknnyt54f8p3h2exp6hc9n81x1mgselfhostedvk97exknnyt54f8p3h2exp6hc9n81x1mgservervk97exknnyt54f8p3h2exp6hc9n81x1mg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.