Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Astra Docker
v1.0.0Interact with Astra's Docker container workspace by executing commands and reading or writing files at /workspace inside the astra-env container.
⭐ 0· 640·2 current·2 all-time
by@walniek
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose is to interact with an Astra Docker workspace at /workspace (reasonable). However the skill implicitly requires access to the docker daemon (it runs 'sudo docker exec ...') and the presence of a container named 'astra-env'—none of which are declared in the registry metadata (no required binaries or config). That mismatch between claimed requirements and actual capabilities is incoherent.
Instruction Scope
SKILL.md and index.js both instruct the agent to execute arbitrary shell commands inside the container and to write arbitrary files into the workspace. While that fits the stated goal of workspace interaction, it also gives the skill the ability to read and transmit any data accessible inside the container (and, depending on mounts, on the host). The instructions give broad discretion (run any command) without constraints, increasing risk of exfiltration or unintended host effects.
Install Mechanism
There is no install spec (instruction-only with a code file present). No external downloads or install steps are specified, which is lower risk from an installation perspective. The included index.js is a small module that invokes child_process.exec; its presence is expected for this functionality.
Credentials
The skill declares no required environment variables or credentials, but it depends on sudo and docker socket access to run commands as root in a container. Requesting no declared binaries/credentials while requiring elevated local privileges is disproportionate and under-specified. No safeguards or explicit consent prompts are described.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide configuration changes. The skill can be invoked autonomously (default), which increases blast radius if abused, but that alone is not a disqualifier—there are no additional privileged persistence claims.
What to consider before installing
This skill runs arbitrary shell commands inside a container using 'sudo docker exec' and can read/write files in /workspace. Before installing: (1) confirm you trust the environment and the container name 'astra-env' exists; (2) understand that it requires access to the docker daemon (sudo) even though the metadata doesn't declare that—this is effectively elevated local privilege; (3) review index.js yourself for unsafe quoting/escape edge cases and consider restricting allowed commands or paths; (4) do not install on machines with sensitive mounts or exposed host docker socket unless you fully trust the skill and its maintainer. If you need only a narrow set of operations, prefer a version that limits commands or declares required binaries/permissions explicitly.Like a lobster shell, security has layers — review code before you run it.
latestvk976vgb360mkvcf58d2r6g9m1h81d5vs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.