Portainer
Security checks across malware telemetry and agentic risk
Overview
This skill does what it says, but it can directly restart, stop, and redeploy Docker services through Portainer without built-in confirmation or tight scope limits.
Install only if you want the agent to control your Portainer-managed Docker environment. Use a dedicated least-privilege API token, verify PORTAINER_URL points to the intended server, and require explicit confirmation before redeploying, stopping, or restarting containers.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could stop production services, restart the wrong container, or redeploy a stack unexpectedly.
The script exposes direct Portainer API calls that redeploy stacks and start, stop, or restart containers. These are expected for the skill, but they are high-impact operations and the artifact does not implement confirmation, dry-run, allowlists, or other safeguards.
api_put "/stacks/$STACK_ID/git/redeploy?endpointId=$ENDPOINT_ID" "$PAYLOAD" ... api_post "/endpoints/$ENDPOINT/docker/containers/$CONTAINER_ID/stop" "{}" ... api_post "/endpoints/$ENDPOINT/docker/containers/$CONTAINER_ID/restart" "{}"Use a Portainer token with the minimum required permissions, restrict which endpoints or stacks the token can control, and require explicit user confirmation before stop, restart, or redeploy actions.
Anyone or any agent process with access to this token may be able to view and change Docker resources through Portainer.
The skill requires a Portainer API token. This is disclosed and necessary for the integration, but the token may carry broad authority over the user's Docker environments depending on how it is created.
PORTAINER_URL=https://your-portainer-server:9443 PORTAINER_API_KEY=ptr_your_token_here
Create a dedicated low-privilege Portainer token for this skill, store it securely, rotate it if exposed, and avoid using an administrator token unless absolutely necessary.
A mistaken redeploy could roll out unreviewed code or interrupt multiple services in a stack.
The redeploy command can propagate a single action into code pulls, rebuilds, and service restarts. That behavior is purpose-aligned, but it is not bounded by documented staging, rollback, or confirmation controls.
This will: 1. Pull latest code from git 2. Rebuild containers if needed 3. Restart the stack
Confirm the target stack ID and environment before redeploying, prefer staging first, and ensure rollback procedures exist.