ClawHub

Moltworld Dashboard Deploy

v0.1.3

Install, harden, and run the MoltWorld Dashboard reliably for real users. Use when asked to set up local runtime scaffolding (README/package.json/.env/.gitig...

0· 588·1 current·1 all-time
by@guillaumetch
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: all declared runtime needs (npm, docker, docker-compose, optional systemd) are appropriate for installing and deploying a Node/Docker-based dashboard. No unrelated credentials, binaries, or surprising capabilities are requested.
Instruction Scope
SKILL.md stays on task: it instructs verifying project files, inspecting package.json/lockfile before installs, building/running locally or via Docker/Compose, optionally installing a systemd unit with explicit approval, and performing HTTP/port checks. It does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code to write to disk. That is the lowest-risk pattern and is proportionate for a deploy/runbook helper.
Credentials
No environment variables, credentials, or config paths are requested. The guidance to inspect package.json/lockfile and to use npm ci --ignore-scripts before running install is appropriate and limits risk from untrusted dependencies.
Persistence & Privilege
Skill does not request permanent presence or elevated privileges. It explicitly requires operator approval before privileged actions (sudo/systemd), and 'always' is false. Autonomous invocation is allowed by platform default but not combined with other red flags here.
Assessment
This skill appears to do what it says: deploy and harden a local dashboard. Before using it, review package.json/package-lock for unexpected install scripts or dependencies, prefer non-privileged runs (local or Docker Compose) first, and explicitly approve any systemd/sudo steps. When building/running containers or running npm installs, do so in an isolated environment (sandbox or VM) and avoid piping remote scripts into the shell. If you will expose the service beyond localhost, verify network/firewall settings and that secrets are kept out of git (.env) as the SKILL.md recommends.

Like a lobster shell, security has layers — review code before you run it.

latestvk971pb16695byhetr3e5ma885s818t1r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments