Redis Manager
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent local Redis Docker manager; its notable risks are disclosed Docker control, a default Redis password, persistent container data, and confirmed data-flush commands.
This appears safe for local development if you intend to manage a shared Redis container. Before installing, set a unique REDIS_PASSWORD on shared machines, be careful with flush and cli commands because they can delete or modify Redis data, and remember to stop the container when you no longer need it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user or agent confirms the prompt or uses the interactive CLI carelessly, Redis data for local development projects can be changed or deleted.
The script exposes high-impact Redis operations, including a full flush and an interactive redis-cli session. The flush path includes an explicit confirmation prompt, so this is purpose-aligned but still worth user attention.
read -r -p "FLUSHALL: remover TODOS os dados do Redis? Esta ação é irreversível. [s/N] " confirm ... redis_cmd FLUSHALL ... docker exec -it "$REDIS_CONTAINER" redis-cli
Only run flush commands when intentionally resetting Redis, prefer flush-db for targeted cleanup, and verify the container and database number before confirming.
Other local containers on the shared network, or anyone with local access who knows the default password, may be able to access the dev Redis instance.
The Redis service defaults to the password 'redispass' and joins a shared Docker network. The skill discloses this and recommends changing it, but the default credential is still a boundary users should notice.
command: redis-server --requirepass ${REDIS_PASSWORD:-redispass} ... name: ${CODAI_NETWORK:-nginx-proxy_net}Set a non-default REDIS_PASSWORD before using real or sensitive data, especially on shared machines or shared Docker networks.
Redis may keep running after the immediate task, and its data may remain in the Docker volume even after stopping the container.
The container is configured to restart until explicitly stopped and stores data in a named Docker volume. This persistence is disclosed and expected for a local database manager.
restart: unless-stopped ... volumes:
- redis_data:/dataRun ./run.sh stop when finished, and remove the Docker volume only when you intentionally want to delete persisted Redis data.
It is harder to independently verify which release this package represents.
The supplied artifacts have inconsistent version identifiers and no homepage/source link, which reduces provenance clarity even though the included code is readable and simple.
metadata Version: 1.0.2; SKILL.md: "version: 1.1.0"; _meta.json: "version": "1.0.1"; Source: unknown; Homepage: none
Review the included files before use and install only if you trust the publisher or can verify the package through other means.