ClawHub

Dokploy API

v1.0.0

Use for Dokploy-specific API operations (apps, deployments, databases, domains, backups, settings) when tasks explicitly involve Dokploy. Route requests to d...

0· 73·0 current·0 all-time
byAchal Singhal@achals-iglu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, manifest, openapi.json, and the modular docs all align: this is a documentation-driven, instruction-only skill for calling Dokploy API endpoints. The listed modules and endpoints are coherent with the stated Dokploy operations.
Instruction Scope
SKILL.md stays within the Dokploy domain and prescribes safe, inspect-first flows (classify intent, resolve identifiers, preflight checks, verify after mutation). Minor note: SKILL.md refers to an 'Auth/profile source: Dokploy user profile token + x-api-key' but does not instruct the agent to read any specific local files or environment variables; this is a small documentation ambiguity rather than unexpected behavior.
Install Mechanism
No install spec and no code files that would be executed; the skill is instruction-only and therefore does not install additional packages or write to disk.
Credentials
Manifest declares API auth via x-api-key (apiKey in header) and SKILL.md repeats that. However SKILL.md also mentions a 'Dokploy user profile token' alongside x-api-key while requires.env lists none — this is a minor inconsistency to clarify (the runtime may expect the agent/platform to supply credentials). No unrelated credentials or excessive environment access are requested.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system privileges or attempt to modify other skills or system-wide settings.
Assessment
This package appears to be a coherent, read-and-call documentation bundle for the Dokploy API. Before installing/use: (1) confirm you will provide a valid x-api-key to the agent (and ask the author whether a separate 'user profile token' is also required, since SKILL.md mentions it but the manifest does not); (2) only enable the skill for tasks that explicitly involve your Dokploy instance — the skill can perform create/update/delete actions so require explicit intent for destructive operations; (3) avoid pasting raw API keys or tokens into chat — store them in the platform's secure credential store if possible and limit the key's permissions; (4) verify you trust the external base URL (https://dokploy.achals.me/api) and review the included openapi.json for the exact endpoints the agent will be able to call. If you want a stricter assessment, provide any runtime policy the platform uses for supplying the x-api-key/profile token (where those credentials will live and how they are scoped).

Like a lobster shell, security has layers — review code before you run it.

latestvk9752kbayjbkjqwymr8dcqczdh83jbmy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments