ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docker Osx

v1.0.0

Run macOS in Docker on Linux with KVM. Use when: user wants to build iOS apps/IPAs, needs macOS environment, wants to compile Apple apps without Mac, or want...

0· 454·0 current·0 all-time
by@nightvibes3
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (run macOS in Docker with KVM to build iOS apps) matches the declared requirements and code: it requires docker and KVM, and the script runs docker commands using the sickcodes/docker-osx image. Nothing requested is unrelated to running a macOS VM in Docker.
Instruction Scope
SKILL.md and the script stick to VM lifecycle and connection tasks (start/stop/status/logs/ssh/vnc). They do not read unrelated host files or request extra credentials. However SKILL.md suggests installing Docker via `curl -sSL get.docker.com | sh` (network-fetch-and-execute) and documents insecure default credentials (SSH password 'alpine') and exposed host ports (50922, 5900), which are operational/security concerns.
Install Mechanism
There is no install spec (instruction-only), which is low-risk for local files. At runtime the script invokes `docker run` which will pull the image sickcodes/docker-osx:stable from Docker Hub if not present — running an external, third-party container image effectively downloads and executes remote code. This is expected for this use case but is a trust boundary you must evaluate (verify image publisher, check image contents, run in isolated environment).
Credentials
The skill requests no environment variables or credentials, which is appropriate. Note: it relies on Docker daemon access (implicit requirement) and uses a documented default password ('alpine') for SSH/VNC — an insecure default that users should change.
Persistence & Privilege
always:false and no special persistent privileges are requested. Runtime behavior requires access to the host's Docker daemon and maps /dev/kvm into the container (needed for virtualization). Mapping /dev/kvm and exposing ports is required for functionality but increases the container's ability to interact with host resources — run only on hosts where this is acceptable.
Assessment
This skill does what it says: it automates running sickcodes/docker-osx in Docker and requires KVM and Docker. Before installing/using it: (1) Understand you will pull and run a third-party container image (inspect the image on Docker Hub, verify the maintainer and recent activity). (2) Do not run it on sensitive or production hosts — the container is granted /dev/kvm access and mapped host ports. Use an isolated VM or disposable host if possible. (3) Change default credentials (SSH/VNC password 'alpine') and restrict network access. (4) Consider scanning the image for malware and reviewing the upstream repo. (5) Be aware of Apple licensing implications for running macOS on non‑Apple hardware (operational/legal, not a security scanner finding). If you cannot verify the image or isolate the runtime, treat the container as untrusted code and avoid running it on critical infrastructure.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🍎 Clawdis
Binsdocker
latestvk9740ze189v756dx1rjqrnntvn81vvwf
454downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
@nightvibes3
latest
Download

Docker-OSX

Run macOS in Docker - build iOS apps on Linux!

Quick Start

start macos        # Boot VM (2-5 min)
status macos       # Check if ready
ssh macos          # Connect
stop macos         # Shutdown

Commands

CommandDescription
start macosBoot macOS VM
stop macosShutdown VM
status macosCheck running
ssh macosGet SSH command
vnc macosGet VNC address
logs macosView logs

Connection

  • SSH: port 50922, password: alpine
  • VNC: port 5900

Building iOS

# In macOS terminal:
xcode-select --install
git clone <repo>
cd repo
xcodegen generate
xcodebuild -project App.xcodeproj -scheme App -configuration Release -destination 'generic/platform=iOS' CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO build

Errors

ErrorFix
KVM not availableServer needs hardware virtualization
Docker not installed`curl -sSL get.docker.com

Resources

  • 4+ CPU cores
  • 8GB+ RAM
  • 100GB disk

Comments

Loading comments...