Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self-Host Deployer

v1.0.0

Deploy self-hosted applications to any VPS with Docker Compose. Catalog of 18 apps with production-ready configs, Nginx reverse proxy, SSL via Certbot, autom...

by Samih Mansour (@llcsamih)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (deploy self-hosted apps with Docker Compose, Nginx, Certbot, backups) align with the runtime instructions. However, the registry metadata claims no required binaries or credentials, while the SKILL.md clearly expects many host tools (git, docker/docker-compose, openssl, npm/node, certbot, curl, ssh) and root/sudo SSH access. The declared requirements do not match the actual steps.
Instruction Scope
The instructions explicitly ask the user for VPS IP and SSH credentials (root or sudo), instruct cloning repos, editing and writing .env files under /opt, generating secrets, installing npm packages and running commands remotely (e.g., running docker-compose, certbot). These are within the stated deployment purpose but are high-risk operations because they give the agent the ability to run arbitrary shell commands on your server and modify system-wide state.
Install Mechanism
There is no install spec (instruction-only), which minimizes what is written to the local agent. However, the skill assumes many binaries and remote installs on the target VPS. The metadata omits required binaries while the instructions rely on external tools and clones from GitHub — this inconsistency is a red flag because it hides the true operational requirements.
Credentials
The skill requests SSH credentials and a domain/email for Certbot — these are legitimately needed to deploy to a VPS, but they are sensitive. The skill does not request unrelated cloud/API keys, which is good. Still, asking for root-level SSH access gives broad control over the target machine and should only be granted with caution and explicit user understanding.
Persistence & Privilege
The skill does not set always:true and is user-invocable only. It will instruct changes on the VPS (writing stacks under /opt, configuring proxy, SSL, backups) which are normal for deployment tools, but these are system-wide changes requiring privileged access — verify commands before running. Autonomous invocation plus ability to collect credentials increases risk if you enable the agent to act without supervision.
What to consider before installing
This skill does what it says (deploy apps) but requires giving SSH access and running many remote commands — only proceed if you trust the skill's author and you understand the commands it will run. Before using: (1) ask the publisher for a homepage/source and verify GitHub repo URLs are official; (2) prefer creating an unprivileged/deploy user or use an ephemeral SSH key rather than providing root; (3) request the generated docker-compose.yml and .env files for manual review before applying them; (4) snapshot or backup the VPS (or test on a throwaway VM); (5) verify any repos/third-party downloads the instructions use and avoid running npm/global installs blindly; (6) if you want the same automation but less risk, ask the skill to produce step-by-step commands you can run manually instead of giving credentials/upfront remote access.
