Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Personal Docker Manager

v1.0.0

Manage Docker containers, stacks, templates, images, networks, volumes, users, and monitor system resources via the Arcane Docker Management API.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md describes a Docker management REST API (containers, stacks, templates, networks, volumes, images, user accounts, API keys) which matches the skill name. However, the package metadata declares no required environment variables or primary credential even though the instructions rely on $BASE_URL and $TOKEN (and show username/password examples). The undeclared credentials are an inconsistency between what the skill does and what it requests or declares.
Instruction Scope
The runtime instructions are explicit curl examples targeting a configurable API base URL (default http://localhost:3552/api). All actions are scoped to that API (list/start/stop/remove containers, deploy stacks, exec into containers, manage API keys). The instructions do not direct data to external endpoints other than the user-configured BASE_URL. They do, however, include examples that accept credentials and perform sensitive operations (create/remove API keys, exec commands in containers) — which is intended functionality but high-risk in practice. The SKILL.md references environment variables ($BASE_URL, $TOKEN) that are not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes installation risk (nothing is downloaded or written to disk by the skill bundle itself).
Credentials
The instructions rely on secrets and config (Bearer token, API keys, username/password examples) but the skill metadata lists no required environment variables or primary credential. That mismatch means sensitive credentials are needed at runtime but are not declared or scoped in the registry metadata. The skill also supports creating/managing API keys and user accounts — legitimately necessary for a management API, but these are highly privileged operations and should be explicitly documented and limited. Recommend providing a least-privilege API key and not admin/root credentials.
Persistence & Privilege
The skill does not request permanent presence (always is false) and does not include installation scripts. Model invocation is enabled (default), so the agent could call the skill autonomously; combined with the skill's ability to modify containers, stacks, and API keys this increases the blast radius if the agent is allowed to act without human confirmation. The skill does not modify other skills or system-wide configs.
What to consider before installing
This SKILL.md looks like a straightforward client for an 'Arcane' Docker management REST API, but there are several practical risks to consider before installing or using it:

- Metadata omission: The skill uses $BASE_URL and $TOKEN (and shows username/password examples) but the registry metadata declares no required environment variables or primary credential. Expect the agent to ask you for those values at runtime — do not provide high-privilege admin credentials unless you trust the skill and its source. Prefer a scoped, least-privilege API key.
- Sensitive capabilities: The skill can remove containers/stacks, pull images, and exec arbitrary commands inside containers and manage API keys/users. Those are normal for a manager but also destructive — require human confirmation or audit logging before allowing autonomous runs.
- Unknown origin: The skill has no homepage or source link and an opaque owner ID. That reduces transparency; verify the skill's provenance before granting access to your Docker management API.
- Network scope: The default BASE_URL is localhost:3552, but if you point it at a remote or internet-exposed API, traffic will carry credentials to that endpoint. Ensure the API endpoint is correct and reachable only by trusted networks.
- Minimal install risk: Because it's instruction-only with no install step, it doesn't drop code on disk — but the agent will make HTTP calls based on these instructions, so the runtime privileges you grant are what matter.

Recommendations: only use with a dedicated, least-privilege API key; prefer human-in-the-loop confirmation for destructive actions; verify the skill author/source; and avoid supplying admin/root credentials unless you intend the agent to act as an administrator.
