Lerwee Docker Lwops Deployer

Warn. Audited by ClawScan on May 10, 2026.

Overview

This looks like a genuine Docker deployer, but it can make broad system changes, such as installing and enabling Docker and running a privileged remote container, without clearly separating check/status requests from deployment actions.

Only install this on a development or test host where you are comfortable with Docker being installed/enabled and a privileged LwOps container running persistently. Avoid the documented NOPASSWD:ALL sudo configuration, review/pin the Docker image, and require explicit confirmation before deployment actions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1 of 4

What this means

A request that sounds like checking status or inspecting Docker could still change the machine by installing software and starting a container.

Why it was flagged

The script accepts input but the deployment path shown does not gate high-impact actions on explicit deploy intent; it proceeds to Docker installation, image pull, and container start when the container is not already running.

Skill content

input="$1" ... if ! ensure_docker_installed; then ... if ! docker_pull "$image"; then ... if ! docker_start_container "$CONTAINER_NAME" "$image" "$host_port1" "$host_port2" "$cgroup_mode"; then

Recommendation

Require explicit user confirmation before installing Docker, pulling images, deleting/replacing containers, or starting privileged containers; add separate read-only status/check modes.

Finding 2 of 4

What this means

If followed, any process running as that user could perform arbitrary root-level actions without a password prompt.

Why it was flagged

The documentation recommends granting the user passwordless sudo for all commands, which is much broader than the Docker deployment task.

Skill content

Configure passwordless sudo (recommended for automation):
echo "$USER ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/$USER

Recommendation

Do not grant blanket NOPASSWD:ALL. Use manual approval or a tightly scoped sudoers rule limited to the specific Docker/package commands required.

Finding 3 of 4

What this means

A changed or compromised remote image could receive broad access to the host through the privileged Docker container.

Why it was flagged

The skill uses mutable ':latest' images from an external registry and intends to run them in privileged mode, increasing the impact of any image compromise or unexpected update.

Skill content

`swr.cn-south-1.myhuaweicloud.com/cloud-lwops/lwops_rocky8_x86_image:latest` ... `swr.cn-south-1.myhuaweicloud.com/cloud-lwops/lwops_rocky8_arm_image:latest` ... **Startup parameters**: `--privileged`

Recommendation

Pin images by digest, document image provenance, verify signatures if available, and avoid privileged mode unless absolutely necessary.

Finding 4 of 4

What this means

Docker and the deployed container may keep running after the chat task finishes and may restart with the system.

Why it was flagged

The skill enables the Docker service and starts the LwOps container detached in the background. This is purpose-aligned for a deployer, but it persists beyond the immediate interaction.

Skill content

sudo systemctl enable docker >/dev/null 2>&1 ... sudo docker run -d \

Recommendation

Install only on hosts where a persistent Docker service and LwOps container are intended; provide clear stop, disable, and cleanup steps.