ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docker MCP Toolkit

v0.1.1

Control and use an MCP Toolkit running in Docker. Use when setting up Docker MCP Toolkit (docker compose up/down), checking status/logs, configuring environm...

0· 390·0 current·0 all-time
byCauhi@pcauhi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the observed files and scripts: all scripts call the `docker mcp` CLI for listing/enabling/disabling servers and calling tools. There are no unrelated binaries, credentials, or config paths requested.
Instruction Scope
SKILL.md limits runtime activity to running provided scripts and Docker MCP commands. The scripts do not read unrelated files or environment variables and do not exfiltrate data. They require `jq` for JSON parsing and call `docker mcp tools call` as advertised.
Install Mechanism
Instruction-only with bundled scripts; there is no install specification or remote download. Nothing is written to disk by an installer beyond the included script files.
Credentials
The skill requests no environment variables or secrets. The documentation recommends using Docker Desktop's secret store and least-privilege credentials, which is appropriate for a toolkit that can invoke tools against external services.
Persistence & Privilege
always is false and the skill does not attempt to persist configuration or modify other skills. It requires Docker Desktop and may be invoked autonomously (default) which is normal for skills; this alone is not a problem.
Assessment
This skill is a thin, coherent wrapper around the `docker mcp` CLI. Before using it: ensure Docker Desktop (MCP-enabled) and jq are installed; run ./scripts/preflight.sh; review the list of exposed MCP tools (./scripts/tools.sh) and understand what each tool does, because invoking tools can perform side effects on databases or services; do not expose the MCP gateway to the public network, and prefer the desktop keychain/secrets integration for credentials. If you plan to pass nested JSON objects/arrays, note the call-tool.sh intentionally rejects them — inspect or call `docker mcp tools` directly for tool-specific argument formats.

Like a lobster shell, security has layers — review code before you run it.

latestvk970vw67p569epbm2aaj7zdxqx821g5k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Docker MCP Toolkit

Run, manage, and invoke Docker Desktop’s MCP Toolkit using the docker mcp CLI.

Install + preflight (Docker Desktop)

  1. Install/upgrade Docker Desktop (MCP Toolkit is in Docker Desktop 4.62+ per docs).

  2. Enable MCP Toolkit:

  • Docker Desktop → SettingsBeta featuresEnable Docker MCP ToolkitApply.
  1. Preflight:
./scripts/preflight.sh

Quick start

List enabled servers/tools:

./scripts/servers.sh
./scripts/tools.sh

Core operations

  • List/enable/disable servers:

    • ./scripts/servers.sh
    • ./scripts/server-enable.sh <server-name>
    • ./scripts/server-disable.sh <server-name>

  • List tools:

    • ./scripts/tools.sh

  • Invoke a tool (via Docker’s gateway/tool runner):

./scripts/call-tool.sh --tool "mcp-find" --json '{"query":"postgres","limit":5}'

Notes:

  • call-tool.sh requires jq.
  • docker mcp tools call uses key=value tokens.
  • Non-string values use := (example: limit:=5, activate:=true).
  • This skill currently supports only primitive JSON values (string/number/bool/null). Nested objects/arrays are rejected.
  • For tools requiring object arguments (e.g. mcp-config-set), call docker mcp tools inspect <tool> --format json then run docker mcp tools call ... directly until this skill adds a tested encoder.

How invocation works (important)

Docker MCP Toolkit runs an MCP Gateway and exposes tools through it. This skill intentionally uses the docker mcp tools … commands so OpenClaw can invoke tools without needing native MCP client support.

If you need a true MCP client connection (stdio/SSE), pair this skill with the mcporter skill.

Secrets and safety

  • Prefer Docker Desktop’s secrets/keychain integration when possible.
  • Do not expose gateway ports publicly.
  • Use least-privilege credentials (separate Neon role with only required grants).

For hardening guidance, read: references/security.md.

Troubleshooting

  • If commands say “Docker Desktop is not running”: start Docker Desktop.
  • If MCP Toolkit isn’t visible: confirm it’s enabled in Beta features.
  • If a tool call fails: run docker mcp tools --verbose inspect <tool> and check Docker Desktop MCP Toolkit UI for server configuration.

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…