Redis Commander

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent local Redis Commander Docker helper, but users should notice that it starts a Redis admin UI with default credentials, a mutable Docker image tag, and reboot persistence.

Use this only for intended local development Redis instances. Before starting it on a shared or important machine, set strong COMMANDER_PASSWORD and REDIS_PASSWORD values, consider pinning the Docker image version, and stop the container when you are done.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If connected to the wrong Redis instance or used carelessly, Redis data in the local dev environment could be modified or removed.

Why it was flagged

The skill intentionally exposes an administrative Redis UI, which is purpose-aligned but can be used to view, change, or delete Redis keys.

Skill content

providing a web UI for Redis key inspection and management

Recommendation

Use it only against intended local-development Redis containers and be careful with destructive Redis Commander actions.

What this means

On shared machines or less isolated environments, default credentials could let another local user or process access the Redis Commander UI.

Why it was flagged

The artifacts disclose default credentials for the web UI and Redis connection; this is expected for the integration but weak if left unchanged.

Skill content

`COMMANDER_PASSWORD` | `admin` ... `REDIS_PASSWORD` | `redispass`

Recommendation

Override COMMANDER_PASSWORD and REDIS_PASSWORD with non-default values before using this outside a private local dev setup.

What this means

A future image update could change behavior or introduce vulnerabilities while still being used by the same skill command.

Why it was flagged

The Docker image is pulled by a mutable latest tag, so the code run in the container can change over time without a pinned digest or version.

Skill content

image: rediscommander/redis-commander:latest

Recommendation

Prefer pinning the Redis Commander image to a specific version or digest, especially in environments with important Redis data.

Note (High Confidence)

ASI10: Rogue Agents

What this means

The Redis Commander UI may remain available on localhost after reboot until explicitly stopped.

Why it was flagged

The skill discloses persistent container behavior, which is appropriate for a local service but means it can continue running after the initial task.

Skill content

the container uses `restart: unless-stopped` and survives reboots

Recommendation

Run the stop command when finished, and check container status if you do not want the service to keep running.