dokku
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: dokku
Version: 0.0.1

The skill is classified as suspicious because of several high-risk capabilities. The main one is installing arbitrary plugins from any URL with root privileges (`sudo dokku plugin:install <url>` in `plugin/commands.md`). This is a legitimate Dokku command, but it is also the most direct route from a prompt injection to code execution: an agent steered into calling it with an attacker-controlled URL installs and runs that attacker's code as root. The skill also instructs the agent to read sensitive SSH configuration (`cat ~/.ssh/authorized_keys` in `install/commands.md`) when adding admin keys; the purpose is stated, but it is direct access to sensitive local data. Other commands download a script from an external source and run it with `sudo` (the `wget ...` and `sudo ... bash bootstrap.sh` pair in `install/commands.md`) and perform aggressive host-wide cleanup (`sudo docker system prune` in `cleanup/commands.md`); both are powerful and can lead to data loss or system compromise if misused.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: A wrong cleanup or destroy command can interrupt running applications or delete infrastructure artifacts on the Dokku host.
Context: The skill documents host-wide Docker cleanup, including force and no-confirm options. That is relevant to Dokku maintenance, but a mistaken command removes containers, images, build caches, or volumes, and Docker offers no undo.
Evidence (`cleanup/commands.md`): "These affect **all** Docker objects, not just Dokku apps; use with care. ..."
    sudo docker system prune -a --volumes -f
Recommendation: Confirm the target host and app, prefer non-force, scoped commands first (for example pruning only dangling images or the build cache), and verify backups before using force, all-app, or volume-pruning commands.
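As an added example (not code from the dokku skill or the Dokku project), the shell functions below turn that recommendation into a gate: pruning is planned per scope, the host-wide `-a --volumes -f` form is refused without an explicit confirmation token, and nothing is planned unless the current hostname matches the one the operator named. The scope names, the `CONFIRM_PRUNE` token and the `DOKKU_HOST` variable are assumptions invented for this example, and the script prints the command it would run instead of executing it.

```shell
#!/bin/sh
# Added example, not part of the dokku skill: gate host-wide Docker pruning.
# Assumptions (invented here): the operator names the intended host in
# DOKKU_HOST and must pass CONFIRM_PRUNE=yes for the host-wide form.

# Compose the prune command for a scope and print it. Only scope "all"
# touches tagged images and volumes, and only with the confirmation token.
# Returns 1 on any refusal so callers stop before anything runs.
prune_plan() {
    scope=$1           # dangling | builder | all
    confirm=${2:-no}   # "yes" is required for scope=all
    case "$scope" in
        dangling) printf '%s\n' "sudo docker image prune -f" ;;     # untagged image layers only
        builder)  printf '%s\n' "sudo docker builder prune -f" ;;   # build cache only
        all)
            if [ "$confirm" != yes ]; then
                echo "refusing scope=all: removes every unused image and volume on the host; set CONFIRM_PRUNE=yes" >&2
                return 1
            fi
            printf '%s\n' "sudo docker system prune -a --volumes -f" ;;
        *) echo "unknown scope: $scope" >&2; return 1 ;;
    esac
}

# True only when the operator named a host and we are on exactly that host.
host_matches() {
    wanted=$1; actual=$2
    [ -n "$wanted" ] && [ "$wanted" = "$actual" ]
}

# Full gate: host check, then scope/confirmation check, then show the plan.
# Swap the final echo for eval "$cmd" once the plan has been reviewed.
run_cleanup() {
    wanted_host=$1; scope=$2; confirm=$3
    here=$(uname -n)
    if ! host_matches "$wanted_host" "$here"; then
        echo "host mismatch: DOKKU_HOST=$wanted_host but this is $here" >&2
        return 1
    fi
    cmd=$(prune_plan "$scope" "$confirm") || return 1
    echo "would run: $cmd"
}

# Usage (hypothetical): run_cleanup "$DOKKU_HOST" dangling "${CONFIRM_PRUNE:-no}"
```

The point of the two-step design is that the cheap, reversible scopes are the default and the destructive scope needs both the right host and a token the agent cannot supply on its own.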
Risk: Running the installer makes broad system changes: it installs packages and configures services on the selected server.
Context: The install instructions download a remote bootstrap script and run it with sudo. That is the expected way to install Dokku, but it executes code fetched over the network as root, so the download source and the script contents are the whole trust boundary.
Evidence (`install/commands.md`):
    wget -NP . https://dokku.com/install/v0.37.5/bootstrap.sh
    sudo DOKKU_TAG=v0.37.5 bash bootstrap.sh
Recommendation: Run it only on the intended host, verify that the release tag and download source are the official ones, and review the bootstrap script before executing it, or use a trusted package-based install path where policy requires it.
Risk: An untrusted or tampered plugin source can modify the Dokku host with root privileges.
Context: The skill documents installing Dokku plugins from arbitrary URLs with sudo. Plugin installation is within the skill's purpose, but a plugin is code installed as root and executed as part of Dokku's own commands, so its provenance and version pinning matter.
Evidence (`plugin/commands.md`):
    sudo dokku plugin:install <url>
    # Example: sudo dokku plugin:install https://github.com/dokku/dokku-postgres.git
Recommendation: Use trusted plugins, prefer pinned releases or reviewed repositories, and never install a plugin URL supplied in a prompt without explicit user approval.
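The installer note above and this plugin note describe the same class of step, fetch from a URL and run as root, so one added example serves both (this is example code, not the skill's or Dokku's own). It accepts the installer only from the official `https://dokku.com/install/<tag>/bootstrap.sh` path for a plain version tag and only after the downloaded file matches an operator-supplied SHA-256; it accepts plugins only from an allowlisted origin and only with a pinned commit or tag via `--committish`, which is Dokku's own pinning option for `plugin:install` (check `dokku plugin:install --help` on your version). The expected checksum, the allowlist prefix and the function names are assumptions invented for this example; the functions print the privileged command for review rather than running it.

```shell
#!/bin/sh
# Added example, not code from the dokku skill or the Dokku project: gate the
# two fetch-and-run-as-root steps the skill documents (the bootstrap installer
# and dokku plugin:install) behind source allowlisting, version pinning and a
# checksum check. Assumptions invented here: the operator supplies the release
# tag and the SHA-256 they expect for bootstrap.sh, and only plugins from the
# dokku GitHub organisation are considered trusted.

TRUSTED_PLUGIN_PREFIX="https://github.com/dokku/"   # assumption: narrow to what your team reviews

# Accept only the official installer URL for an explicit, plain semver tag:
# https://dokku.com/install/<tag>/bootstrap.sh (no path components in the tag).
installer_url_ok() {
    url=$1; tag=$2
    case "$tag" in
        */*|*..*) return 1 ;;                # no path traversal via the tag
        v[0-9]*.[0-9]*.[0-9]*) ;;            # crude "vX.Y.Z" shape check
        *) return 1 ;;
    esac
    [ "$url" = "https://dokku.com/install/${tag}/bootstrap.sh" ]
}

# SHA-256 of a file, with a fallback for systems that ship shasum instead of sha256sum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

checksum_ok() { [ "$(sha256_of "$1")" = "$2" ]; }

# Build the privileged install command only after both gates pass. It is
# printed for review, not executed; the operator runs it after reading the script.
plan_bootstrap() {
    url=$1; tag=$2; file=$3; expected=$4
    installer_url_ok "$url" "$tag" || { echo "rejected installer source: $url" >&2; return 1; }
    checksum_ok "$file" "$expected" || { echo "checksum mismatch for $file" >&2; return 1; }
    printf '%s\n' "sudo DOKKU_TAG=$tag bash $file"
}

# Plugin installs: https origin on the allowlist, no ".." in the URL, and a
# pinned commit or tag. --committish is Dokku's own pinning option.
plan_plugin_install() {
    url=$1; committish=$2
    case "$url" in
        *..*) echo "suspicious plugin url: $url" >&2; return 1 ;;
        "$TRUSTED_PLUGIN_PREFIX"*.git) ;;
        *) echo "plugin source not allowlisted: $url" >&2; return 1 ;;
    esac
    [ -n "$committish" ] || { echo "refusing unpinned plugin install of $url" >&2; return 1; }
    printf '%s\n' "sudo dokku plugin:install $url --committish $committish"
}
```

The checksum is the part that actually defends against a changed script; the URL and tag checks only stop the agent from being steered to a different source. A prompt-injected URL fails the allowlist, and a plugin request without a committish fails closed rather than installing whatever the default branch holds today.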
Risk: Application secrets can end up in chat transcripts, agent logs, or copied output if config commands are used broadly.
Context: Dokku app environment variables commonly hold API keys, database URLs, and other secrets. Viewing or exporting them is legitimate admin behavior, but it places the plaintext values in the agent session, where they persist in conversation history and in whatever logging surrounds it.
Evidence: "Display environment variables for an app. ..."
    dokku config:export <app> --format env
Recommendation: Request only the specific keys a task needs, redact secret values before sharing output, and avoid exporting an app's full config unless necessary.
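As an added example (not the skill's own code), the functions below apply the recommendation to the `KEY=value` text that `dokku config:export <app> --format env` prints: every value is redacted by default, an explicit allowlist of non-secret keys is shown in clear, and a checker counts lines that still expose something credential-shaped. The sample environment is constructed for this example, not captured from a host, and the allowlist and function names are assumptions. For a single value, Dokku's `dokku config:get <app> KEY` returns just that key and is the better call than exporting everything and filtering afterwards.

```shell
#!/bin/sh
# Added example, not from the skill: keep app secrets out of the agent session.
# Input is the KEY=value text that `dokku config:export <app> --format env`
# prints. SAMPLE_ENV below is constructed for this example.

SAMPLE_ENV='DATABASE_URL=postgres://app:s3cretpw@dokku-postgres-app:5432/app
API_KEY=sk_live_0123456789abcdef
LOG_LEVEL=info
PORT=5000
SESSION_SECRET=a9f3c2e1'

# Redact every value; keep the key names so the agent can still reason about
# which settings exist. Prints one "KEY=<redacted>" line per input line.
redact_env() {
    sed -E 's/^([A-Za-z_][A-Za-z0-9_]*)=.*/\1=<redacted>/'
}

# Show only an explicit allowlist of keys in clear text (space-separated,
# e.g. "LOG_LEVEL PORT"); everything else is redacted. Deny-by-default means a
# new secret added later is hidden without anyone updating a blocklist.
show_only() {
    allow=$1
    while IFS= read -r line; do
        key=${line%%=*}
        case " $allow " in
            *" $key "*) printf '%s\n' "$line" ;;
            *) printf '%s\n' "$line" | redact_env ;;
        esac
    done
}

# Count lines that still carry a clear-text credential: a key named
# *SECRET*/*KEY*/*TOKEN*/*PASSWORD* with a non-redacted value, or a URL that
# embeds user:password@. Use it as a last check before pasting output anywhere.
leaked_secret_lines() {
    grep -Ec '^[A-Z0-9_]*(SECRET|KEY|TOKEN|PASSWORD)[A-Z0-9_]*=[^<]|://[^:/@]+:[^@]+@' || true
}
```

Note that `DATABASE_URL` is caught by the URL pattern rather than by its name; a name-based filter alone would have leaked the database password, which is why the check looks at value shape as well as key names.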
Risk: A detached migration, install step, or job continues changing app state after the command returns, while the user is not watching.
Context: The skill intentionally supports detached/background tasks. That is part of Dokku administration, but such a job keeps running, with write access to the app's data, after the agent has moved on, and a failure mid-run can go unnoticed.
Evidence:
    dokku run:detached <app> <cmd> [args...] ... Use for long-running tasks ... --ttl-seconds (default 24h).
Recommendation: Use detached mode only when intended, set a TTL matched to the expected runtime, record the returned container ID, and monitor logs or status until completion.
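As an added example (not the skill's code), a small ledger makes "record the container ID and monitor until completion" concrete: each detached run is appended with its start time and TTL, and two queries list the jobs still inside their TTL, which should be watched, and the jobs past it, which should already have exited and need checking if they have not. The ledger format, the `JOB_NOW` override and the function names are assumptions invented for this example; the container ID is whatever `dokku run:detached` returned, passed in by the caller.

```shell
#!/bin/sh
# Added example, not the skill's code: keep a ledger of detached Dokku runs so
# a job that keeps changing state after the command returns is not forgotten.
# Assumptions invented here: the caller passes the container ID that
# `dokku run:detached` returned; the tab-separated layout is ours.

# Append one record: epoch_started, app, container_id, ttl_seconds, command.
# JOB_NOW, if set, replaces the clock so the example runs deterministically.
record_job() {
    ledger=$1; app=$2; container=$3; ttl=$4; shift 4; cmd=$*
    now=${JOB_NOW:-$(date +%s)}
    printf '%s\t%s\t%s\t%s\t%s\n' "$now" "$app" "$container" "$ttl" "$cmd" >> "$ledger"
}

# Container IDs whose TTL has elapsed by time $2. These should be gone; check
# `docker ps` (or `dokku ps:report <app>`) and investigate any that still run.
jobs_past_ttl() {
    ledger=$1; now=$2
    awk -F'\t' -v now="$now" '($1 + $4) <= now { print $3 }' "$ledger"
}

# Container IDs still inside their TTL at time $2: the ones to keep watching
# with `docker logs <id>` until they exit.
jobs_active() {
    ledger=$1; now=$2
    awk -F'\t' -v now="$now" '($1 + $4) > now { print $3 }' "$ledger"
}
```

The TTL written here should be the same value passed to `--ttl-seconds`, so the ledger's notion of "should have finished" matches what Dokku will enforce; a job still running past that point is either stuck or was started with a different TTL than the one recorded.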
