ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dokploy

Manage Dokploy deployments, projects, applications, and domains via the Dokploy API.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 137 · 0 current installs · 0 all-time installs
by米空格@laoshu133
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code (bash CLI scripts) implements project, app, domain, and deployment management against a Dokploy REST API — this matches the skill name/description. The scripts use curl/jq to call endpoints documented in SKILL.md and perform expected actions.
Instruction Scope
SKILL.md and the scripts only instruct the agent/user to call the Dokploy API, read/write a single config file (~/.dokployrc), and use curl/jq. They do not attempt to read unrelated system secrets or post data to unexpected external services beyond the configured DOKPLOY_API_URL.
Install Mechanism
There is no install spec or remote download. The skill is instruction-only with bundled shell scripts. No external archives, package installs, or URL downloads are performed during install.
!
Credentials
Registry metadata at the top claims no required env vars or binaries, but .clawdhub/package.json and SKILL.md/scripts require DOKPLOY_API_URL, DOKPLOY_API_KEY and binaries curl and jq. This mismatch is an incoherence: the scripts will fail or prompt for secrets if those env vars/binaries are not present, and the registry did not advertise that requirement.
Persistence & Privilege
The skill does not request elevated privileges or 'always' inclusion. It does write a per-user config file (~/.dokployrc) to store the API URL and key, which is reasonable for a CLI but worth noting because it persists an API key in the user's home directory (in plain text).
What to consider before installing
The scripts appear to do what the description says, but the published metadata omitted key requirements. Before installing: 1) Verify you have curl and jq installed. 2) Only provide DOKPLOY_API_KEY to trusted Dokploy instances (DOKPLOY_API_URL) because the CLI will send that key to whatever URL you set. 3) Be aware the skill will write ~/.dokployrc containing your API URL and key in plain text — if you prefer, avoid using dokploy-config set and instead export env vars per session. 4) If the registry page doesn't list required env vars or binaries, ask the publisher to fix metadata or inspect the scripts yourself (they are included) to confirm no unexpected behavior. If you cannot verify the upstream source of this skill, consider withholding the API key or running the scripts in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97761qgc66p0n0rh339863wfd82mxht

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Dokploy Skill

Interact with Dokploy's API to manage projects, applications, domains, and deployments.

Prerequisites

  1. Dokploy instance running with API access
  2. API Key generated from /settings/profile → "API/CLI Section"
  3. Set the DOKPLOY_API_URL environment variable (default: http://localhost:3000)

Configuration

Set these environment variables or use the config command:

# Dokploy instance URL
export DOKPLOY_API_URL="https://your-dokploy-instance.com"

# Your API token
export DOKPLOY_API_KEY="your-generated-api-key"

# Or run the config command
dokploy-config set --url "https://your-dokploy-instance.com" --key "your-api-key"

Projects

List all projects

dokploy-project list

Get project details

dokploy-project get <project-id>

Create a new project

dokploy-project create --name "My Project" --description "Description here"

Update a project

dokploy-project update <project-id> --name "New Name" --description "Updated"

Delete a project

dokploy-project delete <project-id>

List environments in a project

dokploy-project envs <project-id>

Applications

List applications in a project

dokploy-app list --project <project-id>

Get application details

dokploy-app get <application-id>

Create an application

dokploy-app create \
  --environment-id <environment-id> \
  --name "my-app" \
  --type "docker" \
  --image "nginx:latest"

Application types: docker, git, compose

Trigger deployment

dokploy-app deploy <application-id>

Get deployment logs

dokploy-app logs <application-id> --deployment <deployment-id>

List deployments

dokploy-app deployments <application-id>

Update application

dokploy-app update <application-id> --name "new-name" --env "KEY=VALUE"

Delete an application

dokploy-app delete <application-id>

Domains

List domains for an application

dokploy-domain list --app <application-id>

Get domain details

dokploy-domain get <domain-id>

Add a domain to an application

dokploy-domain create \
  --app <application-id> \
  --host "app.example.com" \
  --path "/" \
  --port 80

Update a domain

dokploy-domain update <domain-id> --host "new.example.com"

Delete a domain

dokploy-domain delete <domain-id>

Environment Variables

List environment variables for an application

dokploy-app env list <application-id>

Set environment variable

dokploy-app env set <application-id> --key "DATABASE_URL" --value "postgres://..."

Delete environment variable

dokploy-app env delete <application-id> --key "DATABASE_URL"

Utility Commands

Check API connection

dokploy-status

View current config

dokploy-config show

API Reference

Base URL: $DOKPLOY_API_URL/api

EndpointMethodDescription
/project.allGETList all projects
/project.createPOSTCreate project
/project.oneGETGet project by ID
/project.updatePOSTUpdate project
/project.removePOSTDelete project
/application.searchGETList applications
/application.createPOSTCreate application
/application.oneGETGet application by ID
/application.updatePOSTUpdate application
/application.deletePOSTDelete application
/application.deployPOSTTrigger deployment
/deployment.allGETList deployments
/deployment.byIdGETGet deployment by ID
/deployment.logsGETGet deployment logs
/domain.allGETList domains
/domain.createPOSTCreate domain
/domain.updatePATCHUpdate domain
/domain.deleteDELETEDelete domain

Notes

  • All API calls require the x-api-key header
  • Use jq for JSON parsing in scripts
  • Some operations require admin permissions
  • Deployment is asynchronous — use status endpoint to check progress
  • Note: Currently, Dokploy only provides a REST API for Deployment Logs. Real-time Application Runtime Logs (container logs) are only available via WebSocket and cannot be accessed through this CLI skill.

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…