ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lerwee Docker Lwops Deployer

本地 Docker 容器自动化部署技能,支持乐维监控 8.1 环境的一键部署。 适用于:本地开发环境搭建、测试环境快速部署、容器化服务管理。 优势:自动检测系统架构、智能端口管理、Docker 自动安装、cgroup 兼容性处理。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 37 · 0 current installs · 0 all-time installs
by@lerwee
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (one‑click local Docker deployment of lwops) align with the included scripts and functions: detecting OS/arch, installing Docker, pulling images from swr.cn-south-1.myhuaweicloud.com and launching a container. Required binaries/env/config declared (bash, no env vars) are consistent with this purpose.
!
Instruction Scope
SKILL.md and the scripts perform system-level operations consistent with deployment (installing packages, adding Docker apt repo, starting services, pulling images). However the documentation suggests insecure practices (configuring sudo NOPASSWD for automation) and the scripts use sudo extensively; the skill will modify system state (install packages, enable docker service) and runs containers with --privileged and host cgroup mounts. These actions are within the deployment scope but materially broaden what the skill can do on the host and should be reviewed by the user.
Install Mechanism
No external arbitrary binary download or obscure URLs in the skill bundle itself. The scripts use official Docker download URLs (download.docker.com) and pull images from Huawei SWR (swr.cn-south-1.myhuaweicloud.com). The skill is delivered as shell scripts (no package manager install spec), so installation is local file copy and enabling the skill; this is expected and traceable.
!
Credentials
The skill requests no credentials or environment variables (proportionate). But it requires sudo/root actions at runtime and the INSTALL.md explicitly recommends adding a NOPASSWD sudoers entry for automation — an instruction that weakens host privilege controls. The skill does not request unrelated credentials, but its need for elevated privileges is substantial.
!
Persistence & Privilege
Skill is not marked always:true and does not auto-enable itself in other skills. However runtime behavior requires elevated privileges (installing packages, enabling services) and it launches containers with --privileged and mounts /sys/fs/cgroup into the container (rw for cgroup v2). Those choices increase blast radius if the deployed image or container is untrusted.
What to consider before installing
This skill appears to implement what it claims (automated local Docker deployment) but operates at high privilege. Before installing or running it: 1) Verify the source repository and inspect the container images it pulls (swr.cn-south-1.myhuaweicloud.com) to ensure you trust the image contents. 2) Do not apply the suggested sudo NOPASSWD unless you accept the security tradeoffs — prefer running with a sudo password or adding your user to the docker group where appropriate. 3) Avoid running the container with --privileged on production hosts; test first in an isolated VM or disposable environment. 4) If you must run it on a shared machine, review execute.sh and lib/* to confirm there is no unexpected network exfiltration or commands you don’t want executed. 5) If unsure, ask the maintainer for signed releases or reproducible build artifacts and consider running the deployment manually step‑by‑step instead of full automation.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cj008mm2mtepbpttq9re8qx83n1jc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐳 Clawdis
Binsbash

SKILL.md

Docker LwOps 部署技能

自动化部署乐维监控 8.1 Docker 容器的本地技能,支持一键安装和智能配置。

功能特性

  • 🔧 Docker 自动安装:自动检测系统类型并安装 Docker
  • 🏗️ 架构智能检测:支持 x86_64 和 aarch64 架构
  • 🔌 智能端口分配:自动检测端口冲突并分配可用端口
  • ⚙️ cgroup 兼容:自动处理 cgroup v1/v2 兼容性问题
  • 🚀 一键部署:快速启动乐维监控 8.1 容器环境
  • 📊 详细反馈:输出容器访问地址和端口映射信息

使用方式

当用户请求部署乐维监控容器、检查 Docker 环境、或管理相关容器时,此技能会被自动调用。

使用场景

何时使用此技能

当你的查询包含以下特征时,应该使用此技能:

  1. 乐维监控相关部署:明确提到"乐维监控"、"乐维8.1"、"lwops"等关键词
  2. 容器部署操作:请求部署、启动、创建 Docker 容器
  3. 环境管理:检查 Docker 安装状态、容器运行状态
  4. 容器操作:重新部署、查看状态、查询访问地址

常见使用场景

场景 1:首次部署

  • 示例:部署一个乐维监控 8.1 容器
  • 说明:自动安装 Docker(如果需要),拉取镜像并启动容器

场景 2:重新部署

  • 示例:重新部署 lwops_rocky8_image_8.1 容器
  • 说明:删除现有容器并重新创建

场景 3:智能端口分配

  • 示例:部署乐维监控容器,自动分配可用端口
  • 说明:检测端口冲突并自动使用可用端口

场景 4:查询容器信息

  • 示例:查询容器的访问地址和端口映射
  • 说明:获取容器状态和访问 URL

与其他工具的区别

特性本技能手动部署
Docker 安装自动检测并安装需要手动操作
架构适配自动选择镜像需要手动指定
端口管理自动检测冲突需要手动检查
cgroup 处理自动兼容需要手动配置

最佳实践

  1. 权限要求:确保用户有 sudo 权限(安装 Docker 需要)
  2. 网络环境:确保能访问华为云镜像仓库(swr.cn-south-1.myhuaweicloud.com)
  3. 端口规划:默认使用 8000 和 8081 端口,如有冲突会自动调整
  4. 容器管理:容器名称固定为 lwops_rocky8_image_8.1,重复部署会自动替换

配置

无需配置

此技能不需要任何环境变量或配置参数,开箱即用。

系统要求

  • 操作系统:Ubuntu、Debian、CentOS、RHEL、Fedora、Arch Linux
  • 架构支持:x86_64(amd64)、aarch64(arm64)
  • 权限:sudo 权限(用于安装 Docker 和管理容器)
  • 网络:能访问华为云 SWR 镜像仓库

技术实现

输入格式

此技能接收自然语言输入,无需特定的 JSON 格式。例如:

  • "部署乐维监控 8.1 容器"
  • "重新部署容器"
  • "查看容器状态"

输出格式

成功时:

{
  "success": true,
  "data": {
    "container_name": "lwops_rocky8_image_8.1",
    "container_id": "a1b2c3d4e5f6",
    "status": "running",
    "architecture": "x86_64",
    "image": "swr.cn-south-1.myhuaweicloud.com/cloud-lwops/lwops_rocky8_x86_image:latest",
    "host_ip": "192.168.1.100",
    "ports": {
      "http": {
        "container_port": 80,
        "host_port": 8000,
        "url": "http://192.168.1.100:8000"
      },
      "https": {
        "container_port": 8081,
        "host_port": 8081,
        "url": "http://192.168.1.100:8081"
      }
    },
    "cgroup_version": "v1",
    "cgroup_mount_mode": "ro",
    "timestamp": "2026-03-24T10:30:00Z"
  },
  "message": "容器部署成功"
}

失败时:

{
  "success": false,
  "error": "DockerNotInstalled",
  "message": "Docker 未安装,正在尝试自动安装...",
  "suggestions": [
    "Ubuntu/Debian: sudo apt-get install docker.io",
    "CentOS/RHEL: sudo yum install docker",
    "访问 https://docs.docker.com/get-docker/ 获取详细安装指南"
  ],
  "timestamp": "2026-03-24T10:30:00Z"
}

容器信息

镜像地址

  • x86_64 架构swr.cn-south-1.myhuaweicloud.com/cloud-lwops/lwops_rocky8_x86_image:latest
  • aarch64 架构swr.cn-south-1.myhuaweicloud.com/cloud-lwops/lwops_rocky8_arm_image:latest

端口映射

  • 容器端口 80宿主机端口 8000(默认,可自动调整)
  • 容器端口 8081宿主机端口 8081(默认,可自动调整)

容器配置

  • 容器名称lwops_rocky8_image_8.1
  • 启动参数--privileged(特权模式)
  • cgroup 挂载/sys/fs/cgroup:/sys/fs/cgroup:ro(v1)或 :rw(v2)
  • 启动命令/usr/sbin/init

故障排除

问题 1:Docker 安装失败

症状:提示无法安装 Docker

解决方案

  1. 检查是否有 sudo 权限
  2. 检查系统是否支持(参考系统要求)
  3. 手动安装 Docker:访问 https://docs.docker.com/get-docker/

问题 2:端口被占用

症状:无法启动容器,端口冲突

解决方案

  1. 技能会自动分配可用端口
  2. 查看输出中的 ports 字段获取实际端口
  3. 停止占用端口的程序:sudo lsof -i :8000

问题 3:容器启动失败

症状:容器创建后立即退出

解决方案

  1. 检查 Docker 日志:docker logs lwops_rocky8_image_8.1
  2. 检查 cgroup 版本兼容性
  3. 确保使用 --privileged 参数

问题 4:无法访问容器服务

症状:容器运行但无法访问 Web 界面

解决方案

  1. 检查防火墙设置
  2. 确认端口映射:docker port lwops_rocky8_image_8.1
  3. 检查容器状态:docker ps

相关链接

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…