Proxy Manager
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: proxy-manager Version: 1.0.2 The Proxy Manager skill is a standard utility for managing a development reverse proxy using the well-known `jwilder/nginx-proxy` image. While it requires high-privilege access to the Docker socket (`/var/run/docker.sock`) to function, this requirement is explicitly documented in `SKILL.md` and `docker-compose.yml`. The implementation includes security best practices such as binding port 80 to `127.0.0.1` to prevent external access, and the `run.sh` script contains only legitimate container and network management logic with no evidence of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can start or stop a local proxy container and connect it to project Docker networks.
The script starts Docker services and changes Docker network membership. This is expected for a proxy manager, but it can alter the user's local Docker environment.
docker compose -f "$COMPOSE_FILE" up -d ... docker network connect "$NET" "$PROXY_CONTAINER"
Use it only on the intended development Docker host, prefer targeted connect commands, and review the network prefix before using auto-connect.
The proxy container can inspect Docker daemon state; if the image or container were compromised, Docker socket exposure could increase local impact.
The nginx-proxy container receives access to the Docker daemon socket for container discovery. The skill discloses this, but Docker socket access is a high-trust local privilege.
- /var/run/docker.sock:/tmp/docker.sock:ro
Run only on trusted development machines, avoid exposing sensitive containers to this Docker host, and consider a more restrictive Docker socket proxy if needed.
Starting the proxy may pull and run a third-party container image on the user's machine.
The skill relies on an external Docker image. The tag is pinned, which is good, but the image contents are not included in the provided artifacts.
image: jwilder/nginx-proxy:1.3.1
Review and trust the referenced Docker image before use; for stronger supply-chain control, pin by digest and track image updates deliberately.
The local proxy can continue running after Docker or host restarts until the user stops it.
The proxy container is configured to keep running across Docker daemon restarts. This persistence is disclosed in SKILL.md and fits the proxy purpose.
restart: unless-stopped
Stop it with the documented stop command when it is no longer needed, and periodically check Docker status on shared development machines.