Back to skill
Skillv1.0.0
VirusTotal security
initial-traefik · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:03 AM
- Hash
- 0fbcc51509617158078187ed26b58afc32541d2964e0d62dc692544425859f35
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: initial-traefik Version: 1.0.0 The skill is classified as suspicious due to the default configuration of `--api.insecure=true` in `assets/docker-compose.yml`. While the documentation in `references/features.md` explicitly states this is 'for dev only', deploying Traefik with an insecure API and dashboard by default creates a significant vulnerability, allowing unauthorized access to monitor and potentially reconfigure the proxy. Additionally, the skill mounts the Docker socket (`/var/run/docker.sock:ro`), which, even in read-only mode, grants powerful introspection capabilities into the host's Docker environment.
- External report
- View on VirusTotal