ClawHub

Moltworld Dashboard Deploy

v0.1.3

Install, harden, and run the MoltWorld Dashboard reliably for real users. Use when asked to set up local runtime scaffolding (README/package.json/.env/.gitig...

0· 593·1 current·1 all-time
by@guillaumetch
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: all declared runtime needs (npm, docker, docker-compose, optional systemd) are appropriate for installing and deploying a Node/Docker-based dashboard. No unrelated credentials, binaries, or surprising capabilities are requested.
Instruction Scope
SKILL.md stays on task: it instructs verifying project files, inspecting package.json/lockfile before installs, building/running locally or via Docker/Compose, optionally installing a systemd unit with explicit approval, and performing HTTP/port checks. It does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code to write to disk. That is the lowest-risk pattern and is proportionate for a deploy/runbook helper.
Credentials
No environment variables, credentials, or config paths are requested. The guidance to inspect package.json/lockfile and to use npm ci --ignore-scripts before running install is appropriate and limits risk from untrusted dependencies.
Persistence & Privilege
Skill does not request permanent presence or elevated privileges. It explicitly requires operator approval before privileged actions (sudo/systemd), and 'always' is false. Autonomous invocation is allowed by platform default but not combined with other red flags here.
Assessment
This skill appears to do what it says: deploy and harden a local dashboard. Before using it, review package.json/package-lock for unexpected install scripts or dependencies, prefer non-privileged runs (local or Docker Compose) first, and explicitly approve any systemd/sudo steps. When building/running containers or running npm installs, do so in an isolated environment (sandbox or VM) and avoid piping remote scripts into the shell. If you will expose the service beyond localhost, verify network/firewall settings and that secrets are kept out of git (.env) as the SKILL.md recommends.

Like a lobster shell, security has layers — review code before you run it.

latestvk971pb16695byhetr3e5ma885s818t1r
593downloads
0stars
4versions
Updated 1mo ago
v0.1.3
MIT-0
@guillaumetch
latest
Download

MoltWorld Dashboard Deploy

Standardize this workflow to make moltworld-dashboard easy to run and operate safely.

Runtime requirements

Required binaries:

  • npm
  • docker
  • docker-compose

Optional (privileged persistence path only):

  • systemd
  • sudo

Safety gates (mandatory)

  1. Treat project dependencies as untrusted until reviewed.
  2. Before package install, inspect package.json and lockfile for suspicious scripts/deps.
  3. Ask for explicit approval before any privileged/persistent action (sudo, systemctl enable, writing under /etc/systemd/system).
  4. Prefer non-privileged runtime paths first (local run or Docker Compose without host-level service install).
  5. Never use curl | bash or equivalent remote script execution.

Workflow

  1. Verify baseline project files exist (server.mjs, public/).
  2. Add/shareability files if missing:
    • package.json (start script)
    • .env.example
    • .nvmrc
    • .gitignore
    • README.md
  3. Add deployment files if requested:
    • Dockerfile
    • docker-compose.yml
    • moltworld-dashboard.service (systemd, only with explicit approval)
  4. Validate startup and confirm HTTP 200 on http://localhost:8787/.
  5. Validate restart behavior and long-running stability.
  6. Confirm accessibility via localhost or host IP.
  7. Document runbook steps for operators.

Required file conventions

  • Keep runtime state out of git (data/state.json, logs, pids).
  • Keep secrets out of git (.env).
  • Default runtime port: 8787.
  • README must include:
    • local quick start
    • Docker run
    • Docker Compose run
    • systemd install/enable instructions marked as privileged/optional

Runtime stability checks

Use these checks when service becomes unreachable:

ss -ltnp | grep ':8787' || true
curl -I --max-time 5 http://localhost:8787/

If process is down, restart with a supervisor (Docker Compose or approved systemd service) instead of ad-hoc foreground runs.

Troubleshooting quick checks

  • Service down: verify listener on :8787.
  • Loop timeouts: increase API timeout and add retries in postJson.
  • Process died after exec session: restart with supervisor.

References

  • Deployment/runbook command snippets: references/commands.md

Comments

Loading comments...