Docker Socket Proxy
v1.0.0Manage a remote Docker host securely via docker-socket-proxy, supporting container lifecycle, images, networks, volumes, swarm, plugins, and system info APIs.
⭐ 1· 251·0 current·0 all-time
by@bp602
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill claims to manage a Docker host via tecnativa/docker-socket-proxy and the script implements calls to the Docker REST API (containers, images, networks, volumes, swarm, secrets, exec, etc.). This aligns with the description. Minor inconsistency: the registry metadata listed no required binaries, while the SKILL.md metadata and README both require curl and jq — these are reasonable for the stated purpose but the metadata mismatch should be noted.
Instruction Scope
Runtime instructions tell the agent to run the provided shell script which issues HTTP requests to the proxy only (no other external endpoints) and does not read arbitrary host files. However, several modes (notably exec and Swarm secrets listing) allow the agent to run commands inside containers or view sensitive Swarm secrets if the proxy has those API sections enabled — this is expected functionality but increases risk if the proxy is over-privileged.
Install Mechanism
There is no install spec that downloads or writes code to disk; this is an instruction-only skill with an included shell script. No remote archive downloads or third‑party install steps are present.
Credentials
The script uses DOCKER_PROXY_URL and DOCKER_HOST to locate the proxy (appropriate). It does not request credentials or other unrelated environment variables. Be aware that the Docker API surface includes sensitive items (secrets, swarm configs, the ability to exec into containers) — access to those depends solely on which sections are enabled in the proxy, not on the skill itself.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not attempt to modify other skills or system-wide agent settings. Autonomous model invocation is allowed by default (normal for skills) but is not combined with any hidden persistence or elevated privileges in the package.
Assessment
This skill appears to do what it says: it talks only to a docker-socket-proxy and requires curl and jq. Before installing, verify the proxy is configured with the minimum API sections you need (avoid enabling EXEC, SECRETS, SWARM, IMAGES, etc., unless strictly necessary). Review the included scripts yourself (run-docker.sh) and prefer running the proxy on a trusted host and network. Note the registry metadata omitted required binaries (curl/jq) and the skill source/homepage are listed as unknown — if provenance matters for you, request a canonical upstream or author confirmation. If you allow autonomous agent use, consider limiting the agent's permissions or requiring manual approval for operations that run commands inside containers or list secrets.Like a lobster shell, security has layers — review code before you run it.
latestvk97a7ymdfbs765rx8ardyhcvxn82mfb4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.