Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Mailserver Maintenance
v1.0.2docker-mailserver 启动/停止/状态检查/故障排查。出站链路(DMS→cloud SMTP relay)和收件队列问题。发送失败、队列积压、Cloud relay 无响应时触发。不负责邮件收发使用(见 email-usage)。
⭐ 0· 41·0 current·0 all-time
by@axelhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (docker-mailserver + cloud SMTP relay maintenance) align with the runtime instructions: docker compose, docker exec, postqueue, and SSH to a cloud relay are expected. However, SKILL.md hard-codes an external IP (101.43.110.225) and references specific local paths (/home/axelhu, /home/cloudrelay/.ssh/id_rsa) and Windows scheduled tasks which tie the skill to a particular environment. Metadata mismatch: the top-level Owner ID shown to you (kn7b...) differs from ownerId in _meta.json (s172yaxx...), which is a provenance/integrity red flag.
Instruction Scope
Instructions direct the agent to run privileged maintenance actions (docker compose up/down, docker exec, postqueue -f) and to use SSH from inside the container to an external host. They explicitly reference sensitive paths (checking permissions of /home/cloudrelay/.ssh/id_rsa) and run remote commands on a remote Windows host (Start/Stop-ScheduledTask). While these are plausible for this purpose, they assume presence of SSH and docker inside the runtime environment and require access to a private key stored in the container. The skill does not instruct to avoid leaking that key, nor does it declare the key or host as a required credential.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by the registry package itself. This lowers supply-chain risk. However, runtime commands will interact with system binaries and remote hosts.
Credentials
The skill declares no required environment variables or primary credential, yet its instructions rely on an SSH identity file (/home/cloudrelay/.ssh/id_rsa) and an SSH config that references a specific external host. Not declaring the SSH credential or the external host in the metadata is an incoherence: the agent (or operator) must already possess a sensitive private key in a specific path for the steps to work. The skill also implicitly requires binaries (docker, ssh, docker-compose) even though requires.anyBinaries is empty.
Persistence & Privilege
The skill does not request always:true and does not ask to persist credentials or modify other skills. Autonomous invocation is allowed by platform default (disable-model-invocation: false) — combine this with other concerns if you plan to allow unattended/autonomous runs.
What to consider before installing
This skill appears to implement the maintenance tasks it claims, but several things don't add up — treat it cautiously. Before installing or running it: 1) Verify the skill author and provenance (the ownerId in _meta.json differs from the registry summary). 2) Confirm whether your environment actually should contain the SSH private key at /home/cloudrelay/.ssh/id_rsa; don't let the agent access or transmit private keys unless you explicitly trust the skill and owner. 3) Ensure required binaries (docker, docker-compose, ssh) exist and are appropriate for the environment; update the skill metadata if needed. 4) Validate the hard-coded external IP/host (101.43.110.225) is a legitimate relay you control — otherwise the skill will connect to an external server. 5) Run the steps manually in a staging environment first; do not allow autonomous invocation until provenance and credential handling are confirmed. If you cannot verify the owner or the remote host, consider rejecting the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk979nh2tzdt99tfsdaqm9wv7wn84vfgr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📮 Clawdis