Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hostinger VPS MCP Tools
v1.0.0Set up Hostinger VPS servers as AI virtual employees with GUI and Koda (OpenClaw). Use when deploying new VPS instances, setting up remote desktops, installi...
⭐ 0· 362·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the included scripts and UI code: the package provisions Hostinger VPS via mcporter/Hostinger MCP and configures a GUI, Docker, Koda (OpenClaw) containers, VPN/tunnels, and identity files. That's coherent with the stated purpose. Minor mismatch: the skill declares no required environment variables in metadata, yet the runtime depends on a Hostinger API token (entered via the UI and stored in the vault).
Instruction Scope
SKILL.md and the scripts instruct the agent/user to perform many privileged operations on a target VPS as root: create a 'koda' user with NOPASSWD sudo, change SSH port, enable XRDP and open RDP port, install Docker and build containers, add SSH keys and disable password auth, and modify system networking/firewall. The instructions also write and read vault and mcporter config files under the agent/home directory. These actions are expected for a full VPS deploy, but they are high‑impact and not narrowly scoped — e.g., passwordless sudo and an RDP server exposed by default increase attack surface and deserve explicit user warning and opt-in.
Install Mechanism
There is no central 'install' spec for the skill, but the scripts perform remote installs on the VPS using apt and a number of network installs (curl | sh for Docker and Tailscale, downloading cloudflared .deb from GitHub releases). Curl‑pipe‑to‑sh and remote package installs are common for one‑shot provisioning but carry supply‑chain risk and should be audited by the user before running on production systems.
Credentials
Although metadata lists no required env vars, the skill absolutely expects a Hostinger API token to be entered in the UI and persisted to ~/.openclaw/secrets.json. The backend code also reads/writes various config paths (mcporter configs in several candidate locations and the secrets vault) and will modify mcporter configuration (mcpServers). That is reasonable for an integration but is still broad: it writes tokens and alters a shared mcporter config which may affect other integrations. The skill also offers optional integration with third‑party MCPs (Zapier/Pipedream) that would require user-supplied endpoints/keys.
Persistence & Privilege
The skill modifies local agent files (writes secrets.json vault entries and mcporter config under the user's home workspace). While adding its own config is expected for integrations, it does edit a shared mcporter config (potentially impacting other MCP entries) and writes persistent credentials into the agent vault. The skill is not marked always:true, and it does not autonomously escalate that flag, but persistent access to the vault and to mcporter configuration increases the blast radius if misused.
What to consider before installing
Before using this skill, be aware it will perform many root‑level changes on a VPS and add persistent configuration/credentials to your agent environment. Recommendations:
- Inspect every script (deploy-all.sh and all scripts it calls) locally before running and remove or modify steps you don’t want (e.g., the NOPASSWD sudo line).
- Treat the initial runs as happening on a disposable/test VPS. Don’t run on production machines until you’re comfortable.
- Consider removing or changing the sudo NOPASSWD for the 'koda' user and avoid exposing XRDP (port 3389) publicly. Prefer VPN/tunnel (Tailscale/WireGuard/Cloudflare Tunnel) and then run lockdown steps.
- Audit any curl | sh installers (get.docker.com, tailscale install script) or replace them with package manager installs you control.
- Note the skill will ask you to provide a Hostinger API token via the UI and will store it in ~/.openclaw/secrets.json; if you have other mcporter integrations, be aware the skill will create/edit mcporter config entries which could affect them.
- If you want stronger safety: run scripts line-by-line manually over an SSH session rather than running deploy-all.sh, and avoid installing optional third‑party MCP integrations (Zapier/Pipedream) unless needed.
If you want me to, I can walk through the most sensitive lines and suggest safe edits (e.g., remove NOPASSWD, avoid exposing XRDP, replace curl|sh installs, or run Docker without adding the user to the docker group).Like a lobster shell, security has layers — review code before you run it.
latestvk970nqngx3bm89c0edjjkfsjm5822b3p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.