Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mac Mini Server

v1.0.0

Set up OpenClaw on Mac Mini as always-on AI server — hardware recommendations, macOS config, Docker Desktop, launchd auto-start, Tailscale remote access, and...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description match the instructions: hardware advice, macOS power settings, Homebrew/Docker, docker-compose, launchd, and Tailscale are all sensible for an always‑on Mac Mini server. However, a few choices (mounting /var/run/docker.sock and the user's ~/.ssh into the container) are powerful host-level privileges that should be justified — they can be legitimate for some self-hosted deployments but are security-sensitive.
! Instruction Scope
The SKILL.md tells the user to change system power settings, enable SSH, disable the password lock and enable auto-login, install Homebrew via a remote install script, and create a launchd service that runs docker compose. It also instructs mounting the host Docker socket and ~/.ssh into the container. These operations are broader than minimal and allow containers to control the host or access SSH keys; they go beyond simple application setup and materially expand the attack surface.
Install Mechanism
This is instruction-only (no install spec). The guide uses the standard Homebrew install curl | bash pattern and brew cask for Docker Desktop — common but inherently involves executing a remote script. No arbitrary binaries or unknown download hosts are used, but the remote execution step should be considered a risk and verified before running.
! Credentials
No environment variables or external credentials are declared, which is fine, but the instructions request access to sensitive host artifacts (read‑only mount of ~/.ssh and /var/run/docker.sock). Those give a container (or developer following the guide) potential lateral access to private keys and full host control via the Docker socket. Tailscale is listed as an installed tool but instructions for authenticating it (which would require keys/token) are missing.
Persistence & Privilege
Persistence is implemented via a per-user launchd agent (~/Library/LaunchAgents) — appropriate for a user-level always-on service. The guide also recommends enabling auto-login and disabling lock screens, which increases physical access risk; the launchd item itself does not request system-wide privileges or 'always: true' style platform bypasses.
What to consider before installing
This guide is plausible for setting up an always‑on Mac Mini server, but before following it, be aware of these high-risk items and alternatives:

- Mounting /var/run/docker.sock into a container effectively gives that container root control of the host. Only do this if you trust the container image and its maintainers; prefer alternative patterns (separate containers without socket access, Docker API with restricted credentials, or a dedicated management host).
- Mounting your ~/.ssh into a container exposes private SSH keys to that container. Prefer SSH agent forwarding, use a dedicated deploy key with limited scope, or avoid mounting keys into long-running containers.
- The guide recommends disabling lock screens and enabling auto-login. That materially increases local physical risk; keep the device physically secure or avoid auto-login if possible.
- The Homebrew installer runs a remote script (curl | bash). Verify the official source and audit the script if you are security-conscious.
- Confirm the openclaw GitHub repository is legitimate and review the Dockerfile and code before building/running images that will be given access to the host.
- Tailscale setup and authentication steps are not shown; ensure you follow Tailscale best practices and do not paste tokens into untrusted scripts.

If you plan to proceed: test in an isolated environment first (separate user account or VM), remove unnecessary mounts, use least privilege for keys and services, bind app ports to 127.0.0.1 as the guide suggests, and audit container images and compose files before use.

Like a lobster shell, security has layers — review code before you run it.

latest vk97fmx6wey5p2sccbvdw5tr45h82a4bq

Runtime requirements

🖥️ Clawdis
