Sites Friendify Integration
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: sites-friendify-integration Version: 1.0.0 The skill bundle facilitates site deployment and management for the 'sites.friendify.cloud' platform. It outlines a legitimate workflow involving Docker Compose deployment, Traefik configuration, and an authentication flow using registration codes. No indicators of malicious intent, data exfiltration, or deceptive prompt injection were found; the high-privilege actions (Docker execution) are directly aligned with the stated purpose of the skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create or modify running containers and public web routing in ways the user did not fully review.
The skill directs the agent to perform container and reverse-proxy deployment from a brief user request, but does not define safe compose templates, allowed paths/images, domain limits, approval checkpoints, or rollback behavior.
When user requests "erstelle seite": 1. Deploy site via Docker Compose with Traefik labels
Require an explicit deployment plan and user approval before running Docker/Traefik actions, and restrict the skill to known templates, paths, labels, domains, and rollback steps.
If the token is broad or mishandled, the agent may be able to generate codes or manage sites beyond what the user intended.
The required gateway token is disclosed and appears related to the integration, but it likely grants management authority for protected site actions.
requires": {"env": ["OPENCLAW_GATEWAY_TOKEN"]}, "primaryEnv": "OPENCLAW_GATEWAY_TOKEN"Use a least-privilege token limited to the needed sites.friendify.cloud routes and avoid sharing it with unrelated skills or sessions.
Users may not realize the skill depends on local deployment tooling or may grant broader host access than expected.
The instructions imply Docker Compose and Traefik environment requirements, while the provided registry requirements declare no required binaries and no install spec.
Deploy site via Docker Compose with Traefik labels
Declare Docker/Compose/Traefik prerequisites in metadata and document the exact deployment files and host permissions needed.