ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docker Compose Generator

v1.0.1

生成 Docker Compose 配置,支持 MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch 等常用服务。

0· 561·3 current·3 all-time
by@sunshine-del-ux
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to support many services (MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch, RabbitMQ, Nginx, Node.js) and flexible CLI flags, but the shipped docker-compose-generator.sh only emits a static compose file containing mysql and redis regardless of arguments. This is a clear mismatch between stated purpose and actual capability.
!
Instruction Scope
SKILL.md shows example CLI flags and 'full-stack' usage, implying argument parsing and multi-service generation; the runtime file does not implement those behaviors. The script writes a file in the current directory and echoes a success message — it does not read extra files or env vars, but it will overwrite/create docker-compose.yml which is potentially surprising.
Install Mechanism
There is no install spec; the skill is instruction-only with a small shell script included. No downloads or package installs are performed.
Credentials
The skill requests no environment variables, credentials, or config paths. The script contains hardcoded credentials (MYSQL_ROOT_PASSWORD: root) and exposed ports, which are security-relevant but not an overreach in requested privileges.
Persistence & Privilege
Flags show normal behavior (always: false, user-invocable true). The skill does not request persistent platform privileges. Its only side effect is writing a docker-compose.yml and creating a named volume when run; it does not modify other skills or system configuration.
What to consider before installing
This skill is internally inconsistent: the documentation promises a flexible generator for many services, but the provided script only outputs a fixed docker-compose.yml for MySQL and Redis and ignores CLI flags. Before using it, review and edit the script — it contains a hardcoded MySQL root password ('root') and exposes host ports (3306, 6379), which are unsafe for production. If you want the advertised functionality, request the author or publisher for the real implementation or modify the script to properly parse arguments and only expose ports/credentials you control. Run it in a disposable directory or sandbox first to avoid overwriting an existing docker-compose.yml. If you need assurance about the publisher, seek a source/homepage or avoid installing until the mismatch is resolved.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐙 Clawdis
devopsvk97fnxrbe38ydbh8rwe0w6s175825e8fdockervk97fnxrbe38ydbh8rwe0w6s175825e8fdocker-composevk97fnxrbe38ydbh8rwe0w6s175825e8fgeneratorvk97fnxrbe38ydbh8rwe0w6s175825e8flatestvk977gbbv5gxsdk06929hp6eq41826m32
561downloads
0stars
2versions
Updated 8h ago
v1.0.1
MIT-0
@sunshine-del-ux
devopsdockerdocker-composegeneratorlatest
Download

Docker Compose Generator

生成 Docker Compose 配置,快速搭建开发环境。

支持的服务

  • MySQL
  • PostgreSQL
  • Redis
  • MongoDB
  • Elasticsearch
  • RabbitMQ
  • Nginx
  • Node.js

使用方法

docker-compose-generator --db mysql --cache redis
docker-compose-generator full-stack

功能

  • 一键生成 docker-compose.yml
  • 网络配置
  • 数据持久化
  • 环境变量模板

Comments

Loading comments...