Security audit

Dokploy

Security checks across malware telemetry and agentic risk

Overview

This Dokploy skill appears purpose-aligned, but it handles powerful deployment credentials and secrets in ways users should review before installing.

Install only if you trust it with Dokploy deployment authority. Prefer a limited-scope API key, avoid storing the key with dokploy-config unless you lock down ~/.dokployrc, treat env and logs output as secret material, and require explicit approval before production deploy, delete, or environment-variable changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill clearly instructs use of shell-based commands (`curl`, `jq`, exported environment variables, and CLI actions) but does not declare corresponding permissions or capability boundaries. This can mislead users or orchestration systems about what the skill is allowed to do, reducing review visibility and increasing the chance of unintended command execution against local or remote systems.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents destructive actions such as deleting projects, applications, and domains without any warning, confirmation step, or recovery guidance. In an agentic or scripted context, this raises the risk of accidental irreversible deletion of production resources due to user error, prompt ambiguity, or automation mistakes.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs users to export and configure API keys in environment variables and commands without warning that these credentials are sensitive and may be exposed through shell history, logs, screenshots, process inspection, or agent output. Because the key grants access to deployment management APIs, exposure could allow unauthorized project changes, deployment actions, or deletion of resources.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The `env list` command retrieves and prints the application's full environment variable blob directly to stdout, which commonly contains API keys, database passwords, and other secrets. In a CLI/agent skill context, stdout may be logged, surfaced to other tools, or shown to unintended users, so this creates a real secret disclosure risk even though the feature is intentional.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The `logs` command fetches deployment logs and prints them unfiltered. Application and deployment logs frequently contain credentials, tokens, connection strings, stack traces, and user data, so exposing them without warning or redaction can leak sensitive information to terminal history, agent transcripts, or centralized logging systems.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script persists the Dokploy API key in plaintext to $HOME/.dokployrc and provides no warning about sensitive credential storage or file permission hardening. Any local user, backup process, shell history review, or accidental file disclosure could expose the key and allow unauthorized access to Dokploy-managed deployments and infrastructure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal