Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MoltDocker

v1.0.0

Enables the bot to manage Docker containers, images, and stacks.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md clearly implements a Docker manager (running docker ps, logs, inspect, rm, rmi, system prune). However, the registry metadata for the skill lists no required binaries while the skill header declares bins: ["docker"] — that's an inconsistency that should be clarified.
Instruction Scope
The runtime instructions are narrowly focused on Docker commands and include sensible safety rules (ask before rm/rmi/prune). They do instruct the agent to run docker logs/inspect, whose output can expose sensitive container data (environment variables, secrets, files) and may leak that data if it is transmitted. The instructions do not reference unrelated files or credentials.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest installation risk. Nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is fine. However, practical use requires access to the Docker CLI and to the Docker daemon (typically via /var/run/docker.sock or equivalent API). That socket grants effectively root-level control over the host; the SKILL.md does not mention this or recommend running against a restricted/remote Docker endpoint.
Persistence & Privilege
always:false and no install actions — the skill does not request permanent presence or modify other skills. Note: model invocation is allowed (agent can run autonomously) by default; combined with Docker daemon access, autonomous actions could have high impact, so consider limiting autonomy or requiring explicit confirmations.
What to consider before installing
This skill appears to do what it says (manage Docker), but there are practical and security gaps you should address before installing:
- Verify the runtime: the SKILL.md expects the docker CLI and access to the Docker daemon (e.g., /var/run/docker.sock). Confirm whether your agent environment actually provides Docker and whether the socket is exposed. Access to the Docker daemon is equivalent to root on the host — treat it as highly sensitive.
- Ask the skill author (or registry) to fix the metadata inconsistency (declare docker as a required binary) and to document whether the skill is intended to use a local Docker socket or a remote/limited API.
- Restrict where this skill runs: if possible, run it in an isolated sandbox or against a remote Docker endpoint with least privilege rather than exposing the host Docker socket.
- Consider disabling autonomous invocation or requiring explicit user confirmations for destructive operations (rm, rmi, system prune) — the SKILL.md already recommends this, but enforce it in the agent config.
- Be cautious about logs/inspect output: container logs and inspect can contain secrets or private data. Treat any data the skill returns as potentially sensitive.
If you can't confirm the environment and the author, test the skill in a disposable VM/container first or decline installation.
