Skillv1.0.0

ClawScan security

Lu Auto Deploy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 8, 2026, 5:10 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: This is an instruction-only Docker deployment helper whose templates and commands match its stated purpose, but it assumes running shell/docker commands (including mounts like /var/run/docker.sock and host paths) so review before executing.
Guidance: This skill is an instruction-only template for deploying containers; it appears coherent with that purpose. Before using it: 1) do NOT run the provided commands blindly—inspect and adapt paths (it assumes /vol1/1000) and ports to your environment; 2) be cautious with mounts such as /var/run/docker.sock and host directories—these give containers high privileges on the host (Portainer example mounts the Docker socket); 3) prefer pinned image tags rather than :latest for production and validate images you pull from Docker Hub; 4) run templates on an isolated/test host first; 5) verify the skill source/provenance (registry metadata here is inconsistent: registry lists unknown source though _meta.json contains a GitHub URL) and only allow any automated execution if you trust the agent’s runtime and have explicit confirmation/approval steps in place.

Review Dimensions

Purpose & Capability: okName/description match the content: SKILL.md provides docker-compose and docker run templates for monitoring, media, tool, and security services. Required binaries/credentials are not requested and are consistent with a documentation/template skill.
Instruction Scope: noteThe instructions tell an operator to create directories and execute docker-compose/docker run commands (e.g., mkdir -p /vol1/1000/Docker/..., docker-compose up -d, docker run ... -v /var/run/docker.sock:/var/run/docker.sock). This is expected for deployment templates but is potentially dangerous if executed blindly: mounting /var/run/docker.sock or host directories grants containers powerful host access. The SKILL.md does not ask to read unrelated files or exfiltrate data, but it assumes specific host paths (/vol1/1000) that may not exist and could lead to unintended file writes.
Install Mechanism: okNo install spec or code is included (instruction-only), so nothing is downloaded or written to disk by the skill itself.
Credentials: okThe skill declares no environment variables or credentials and its instructions do not reference secrets or external tokens. This is proportionate for a template/helper that provides commands and compose files.
Persistence & Privilege: okThe skill is not force-included (always: false) and does not claim persistent system privileges or modify other skills. It can be invoked autonomously by the agent per platform defaults, which is normal; users should be aware agent autonomous actions could attempt to run commands if the agent has such capabilities.