ClawHub

Production Docker Compose

v1.0.0

Generate production-grade docker-compose.yml for any project. Includes health checks for every service, network segmentation (frontend/backend/db), resource...

0· 7·0 current·0 all-time
bySamih Mansour@llcsamih
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md details detecting the app stack, ports, databases, and producing a production-ready docker-compose.yml. No unrelated binaries, credentials, or install steps are requested.
Instruction Scope
The instructions require scanning the project directory and reading files such as Dockerfile, package manifests, and .env/.env.local/.env.example to detect stack, ports, and environment variables. That file access is necessary for the stated task, but it does mean the skill will read files that often contain secrets (e.g., .env). The SKILL.md does not instruct the agent to transmit data to external endpoints or read unrelated system paths.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install surface. Nothing is downloaded or written by an installer step described in the registry metadata.
Credentials
The registry metadata doesn't request environment variables or credentials. The runtime instructions reference and prefer using .env (env_file) and Docker Compose variable interpolation (e.g., ${POSTGRES_PASSWORD:?...}). Reading .env files is proportional to generating a compose file, but those files can contain secrets, so review them carefully before sharing or committing.
Persistence & Privilege
always is false and model invocation is permitted by default. The skill does not request persistent/system-level privileges or modify other skills' configs according to the provided metadata and SKILL.md.
Assessment
This skill appears coherent for creating production docker-compose.yml files. Before using it: (1) be aware it will read your project files and .env files — those often contain secrets, so avoid exposing them to third parties and don’t commit them to source control; (2) review the generated docker-compose.yml before running it in production (check healthchecks, ports, network settings, and that no insecure defaults like weak passwords remain); (3) consider replacing env_file usage with a secrets manager or Docker secrets for sensitive values; and (4) validate resource limits and restart policies against your environment — the generator's defaults may need tuning. If you want higher assurance, ask the publisher for examples of generated outputs for your stack or run the generator on a copy of the project that has secrets redacted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ah29kveqdj5300k5mb3tss984ezym

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments