ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

dokku

Installs, upgrades, and manages Dokku apps, deploys code or images, runs tasks, and cleans up containers on Dokku hosts via CLI commands.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.8k · 0 current installs · 0 all-time installs
bydFlow@akhil-naidu
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is clearly about Dokku administration (install, upgrade, deploy, cleanup). This matches the included command reference files. One minor inconsistency: the SKILL.md frontmatter contains metadata requiring the 'dokku' binary (metadata: {"openclaw":{"requires":{"bins":["dokku"]}}}), while the registry-level requirements show no required binaries — that likely means the skill expects Dokku to be present for many commands but also documents how to install Dokku. This is plausible for a combined 'install + manage' skill, but it's worth noting.
Instruction Scope
The instructions are mostly scoped to Dokku host administration and explicitly state commands run on the Dokku host (SSH or local). They include potentially destructive admin operations (e.g., docker system prune, dokku apps:destroy, dokku-nuke plugin) and guidance to read the user's SSH authorized_keys for adding keys (cat ~/.ssh/authorized_keys | sudo dokku ssh-keys:add admin). Those actions are relevant to Dokku setup/cleanup but are high-privilege and should only be executed on hosts you control and after confirming intent.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). The install instructions reference downloading bootstrap.sh from dokku.com and installing plugins from GitHub — both are standard, well-known sources. No arbitrary/personal server download URLs are present in the documentation.
Credentials
The skill does not declare or require any environment variables or credentials. It does reference system files and admin operations (reading ~/.ssh/authorized_keys, running sudo, manipulating Docker). Those are proportionate to installing and administering Dokku, but they involve sensitive data and root-level actions, so operators should expect to provide SSH/sudo access to the Dokku host when using the skill.
Persistence & Privilege
The skill does not request permanent presence (always: false) and is user-invocable. It does not attempt to modify other skills or global agent settings in the provided files. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges here.
Assessment
This skill appears to be a straightforward Dokku administration reference and helper; it's instruction-only and doesn't request secrets. Before using it, consider the following: 1) Many commands are high-privilege (sudo, docker prune, dokku apps:destroy, plugin installs). Only run them on servers you control and after backups. 2) The install instructions download Dokku's bootstrap script from dokku.com and may instruct adding SSH keys by reading ~/.ssh/authorized_keys — review any commands the agent proposes before executing them. 3) The SKILL.md metadata indicates it expects the dokku binary for many operations; if you plan to run the install steps from the skill, the dokku binary won't exist yet — follow install instructions first. 4) If you will allow the agent to run commands against a remote Dokku host, be prepared to supply explicit SSH access and confirm destructive actions. If any part of the skill proposes unexpected network endpoints, credential collection, or actions outside Dokku host administration, stop and review the exact commands.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.0.1
Download zip
latestvk9723zc28g4610p4hadaanjat18081sv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Dokku

Dokku is a PaaS; commands run on the Dokku host (SSH or local). Prefer running long operations (deploys, builds) in the background — use exec with background: true or short yieldMs when the tool allows.

Section index

Detailed command syntax and examples live in each section file. Read the relevant file when performing that category of task.

SectionFileCommands / topics
Appsapps/commands.mdcreate, destroy, list, rename, clone, lock, unlock, report
Configconfig/commands.mdget, set, unset, export
Domainsdomains/commands.mdadd, set, remove, set-global, report
Git / deploygit/commands.mdfrom-image, set, deploy-branch, git push
Run (one-off / background)run/commands.mdrun, run:detached
Logslogs/commands.mdlogs, logs:failed, logs:set
Process (ps)ps/commands.mdscale, rebuild, restart, start, stop
Pluginplugin/commands.mdlist, install, update, uninstall
Certscerts/commands.mdadd, remove, generate
Nginxnginx/commands.mdbuild-config, show-config, set
Storagestorage/commands.mdmount, list
Networknetwork/commands.mdreport, bind-all-interfaces
Installinstall/commands.mdInstalling Dokku (bootstrap, post-install, alternatives)
Upgradeupgrade/commands.mdUpgrading Dokku; check migration guides before upgrading
Cleanupcleanup/commands.mdCleaning up Dokku and containers (prune, builder prune, apps)

Quick reference

  • Create app: dokku apps:create <app-name>
  • Deploy (git): Add remote dokku@<host>:<app-name>, then git push dokku <branch>:master
  • Deploy (image): dokku git:from-image <app> <docker-image>
  • Run in background (Dokku): dokku run:detached <app> <cmd> or dokku run --detach <app> <cmd>
  • Agent-side background: For long deploys/installs, run the shell command via exec with background: true or short yieldMs; poll or check logs as needed.

For full command details and options, see the section files above.

Files

18 total
Select a file
Select a file to preview.

Comments

Loading comments…