ClawHub

Coolify Deploy

Security checks across malware telemetry and agentic risk

Overview

This deployment skill is mostly coherent, but it includes token-bearing commands pointed at a fixed external IP and destructive deployment commands without enough guardrails.

Review carefully before installing. Replace every host/IP with your own Coolify instance, do not send Coolify tokens to 217.77.2.59 or any endpoint you do not control, and require explicit confirmation before app deletion, forced redeploys, Docker stop/rm, or changing the default Coolify context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to create apps, set environment variables, and force deployments against remote Coolify infrastructure, but it does not include an explicit warning or consent checkpoint that these actions modify live systems. In an agent setting, this increases the risk of unintended production changes, outages, configuration drift, or redeployments being triggered without the user clearly understanding the side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation includes a forceful deletion command (`coolify app delete <app-uuid> --force`) without any warning about irreversible data loss, scope verification, or confirmation steps. In an agent skill context, users or downstream automation may copy this directly, increasing the chance of accidental production app deletion.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The API example shows a direct DELETE request against an application resource with no cautionary text, environment scoping, or confirmation guidance. Because this skill is for deployment automation, exposing a raw destructive API call makes accidental or scripted deletion more likely, especially if the bearer token has broad privileges.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The fallback Docker instructions stop and remove an existing container named `myapp` without warning, which can interrupt service or destroy stateful workloads if adapted incautiously. In a troubleshooting/deployment skill, operators may treat this as a routine fix and apply it to live systems without understanding the downtime and data-loss implications.

VirusTotal

No VirusTotal findings

View on VirusTotal