Server
v1.0.0Configure, deploy, and troubleshoot web servers, application servers, and containerized services.
⭐ 2· 1.1k·8 current·8 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (web/app servers, containerized services) align with the SKILL.md, configs.md, and docker.md content. The files provide configuration and operational examples consistent with the stated purpose and do not request unrelated credentials, binaries, or config paths.
Instruction Scope
Runtime instructions and examples focus on expected actions (systemctl, nginx, certbot, docker compose, log paths). However, several example snippets include security-risky configurations that a user might copy-paste (e.g., Traefik with --api.insecure=true and a docker.sock mount). These are in-scope technically but are potentially dangerous if used without modification.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — the lowest-risk installation footprint (nothing is written or executed by the skill itself).
Credentials
The skill declares no required environment variables or credentials. Example docker-compose files include sample plaintext passwords and placeholder emails (for illustration) but the skill does not demand secrets from the user.
Persistence & Privilege
always:false and no install/activity that would persist state. The skill can be invoked by the agent (normal default) but it does not request persistent privileges or modify other skills/configs.
Assessment
This skill appears coherent and useful for server and container tasks, but do not copy example configs verbatim. Before using: 1) Remove or replace insecure Traefik settings (avoid --api.insecure=true) and avoid exposing dashboards publicly. 2) Treat mounts of /var/run/docker.sock as privileged — only use when necessary and understand the host access it grants. 3) Replace placeholder plaintext credentials in docker-compose with secrets or environment management, and set a real email for Let's Encrypt. 4) Run commands (certbot, systemctl, docker) with care on production systems and review each config for your security posture. If you want a deeper risk check, provide any environment you plan to run these on (OS, orchestration, whether Docker socket will be mounted) so I can highlight platform-specific hazards.Like a lobster shell, security has layers — review code before you run it.
latestvk979c2jcq2kq2h0csczfd1kqqh810337
License
MIT-0
Free to use, modify, and redistribute. No attribution required.