Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nginx Config Creator

v0.1.1

Creates a standard Nginx/OpenResty reverse proxy config file for a service and reloads the web server. Features safety checks and environment awareness. Takes service name, domain, and port as main arguments.

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the code and runtime requirements. The script actually writes an Nginx conf file and runs 'docker exec' to test and reload Nginx, so requiring 'bash' and 'docker' is appropriate.
Instruction Scope
The SKILL.md and script stay within the claimed purpose (writing a conf and reloading Nginx), but the runtime instructions permit dangerous inputs: SERVICE_NAME, DOMAIN, PORT and CONFIG_PATH are written into the filesystem without sanitization. In particular, SERVICE_NAME or CONFIG_PATH could be crafted to write outside the intended conf.d (e.g., '../' sequences or absolute paths), enabling overwrite of arbitrary files. The script also writes test output to /tmp/nginx_test_output.log. There is no validation of the container's identity beyond the provided name.
Install Mechanism
Instruction-only skill with an included shell script and no install spec — low install risk. There are no downloads or extract operations; nothing will be written to disk except when the script is explicitly run by the user/agent.
Credentials
The skill does not require credentials and only optionally reads NGINX_CONFIG_PATH and NGINX_CONTAINER_NAME from the environment (which matches its purpose). Registry metadata lists no required env vars although the README/SKILL.md recommend those two environment variables — this is a small metadata mismatch but not a high-risk issue.
Persistence & Privilege
The skill is not forced-always and does not request system-wide persistence. It does perform privileged actions when executed (writing files and running 'docker exec'), which is expected for its purpose but means it must be invoked with care. It does not modify other skill/system configs.
What to consider before installing
This skill appears to implement the stated feature, but review and run it carefully:

  • Inspect the script before running and only supply trusted inputs. SERVICE_NAME and CONFIG_PATH are used directly to build the output filename, so avoid untrusted values (e.g., no '../', absolute paths, or shell metacharacters).
  • Run in a safe environment first (staging) to confirm behavior and container identity; ensure the provided Docker container actually runs Nginx/OpenResty and that you have appropriate permissions.
  • Because the script writes and may delete files, back up existing configs and ensure CONFIG_PATH points to the intended conf.d directory (avoid symlink surprises).
  • Note the small metadata mismatch: the registry lists no required env vars but the README/SKILL.md recommend NGINX_CONFIG_PATH and NGINX_CONTAINER_NAME. If you plan to use environment variables, set them deliberately.
  • Consider hardening the script (input validation, safer tempfile handling, limiting allowed paths) before using it in production. If you need help auditing or patching the script to reject path traversal and validate inputs, I can suggest concrete modifications.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: bash, docker
latest: vk9718y26pqsztd07z6y72j4jcs80mpqq
1.8k downloads
0 stars
2 versions
Updated 6h ago
v0.1.1
MIT-0

Nginx Config Creator (Enterprise Grade)

This skill automates the creation of Nginx/OpenResty reverse proxy configurations. It is designed for both ease of use and safety, incorporating environment awareness and a critical safety-check mechanism.

Features

  • Environment Awareness: Simplifies commands by reading configuration from environment variables.
  • Safety Check: Includes a '熔断' (fuse) mechanism. It tests the configuration before applying it and automatically rolls back if the test fails, preventing web server downtime.

Pre-requisites (Recommended)

For maximum convenience, it is recommended to set the following environment variables on the host system:

  • NGINX_CONFIG_PATH: The absolute path to the Nginx conf.d directory.
  • NGINX_CONTAINER_NAME: The name of the running Nginx/OpenResty Docker container.

If these are not set, they must be provided as command-line arguments.

Core Action: scripts/create-and-reload.sh

This script performs the entire operation.

Inputs (Command-Line Arguments)

  • --service-name: (Required) The short name for the service (e.g., grafana).
  • --domain: (Required) The root domain name (e.g., example.com).
  • --port: (Required) The local port the service is running on (e.g., 3000).
  • --config-path: (Optional) The path to Nginx's conf.d directory. Overrides the NGINX_CONFIG_PATH environment variable.
  • --container-name: (Optional) The name of the Nginx Docker container. Overrides the NGINX_CONTAINER_NAME environment variable.
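
The scan results above note that SERVICE_NAME, DOMAIN, PORT and CONFIG_PATH reach the filesystem without sanitization. The following is an added example, not the skill's own script, of checks that could run on these arguments before any file is written; the function names, the accepted character sets and the <service-name>.conf file name are assumptions.

```sh
#!/bin/sh
# Added example: argument checks for a conf.d generator (hypothetical helper names).
# POSIX sh, so it also runs under bash. Accepted character sets are assumptions.

# The service name becomes the file name: one lowercase component, no '/', '.' or spaces.
valid_service_name() {
  case $1 in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# The domain lands in server_name: hostname characters only, so no ';', '{' or whitespace.
valid_domain() {
  case $1 in
    ''|.*|*.|*..*|-*|*-|*.-*|*-.*|*[!A-Za-z0-9.-]*) return 1 ;;
    *.*) [ "${#1}" -le 253 ] ;;
    *) return 1 ;;
  esac
}

# The port lands in proxy_pass: decimal 1-65535 with no leading zero.
valid_port() {
  case $1 in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# The config path must be absolute, free of '..', an existing directory, not a symlink.
valid_config_path() {
  case $1 in /*) ;; *) return 1 ;; esac
  case "/$1/" in */../*) return 1 ;; esac
  [ -d "$1" ] && [ ! -L "${1%/}" ]
}

# Print the target file path only if every input passes; refuse a symlinked target.
# Usage: safe_conf_target SERVICE_NAME DOMAIN PORT CONFIG_PATH
# Assumption: the generated file is named <service-name>.conf.
safe_conf_target() {
  valid_service_name "$1" || { echo "rejected service name" >&2; return 1; }
  valid_domain "$2"       || { echo "rejected domain" >&2; return 1; }
  valid_port "$3"         || { echo "rejected port" >&2; return 1; }
  valid_config_path "$4"  || { echo "rejected config path" >&2; return 1; }
  [ ! -L "${4%/}/$1.conf" ] || { echo "target is a symlink" >&2; return 1; }
  printf '%s/%s.conf\n' "${4%/}" "$1"
}
```

The symlink checks cover only the final path component and the target file; a conf.d directory writable by other users would still need its permissions reviewed separately.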

Output

  • On Success: Prints a step-by-step log of its actions and a final success message.
  • On Failure: Prints a descriptive error message to stderr and exits. If the failure occurs during the Nginx configuration test, the full error from nginx -t is displayed.

Execution Workflow

  1. Parse Arguments & Environment: The script gathers all necessary paths and names from command-line arguments and environment variables.
  2. Generate Config: It creates the .conf file in the target directory.
  3. Test Config (Safety Check): It executes nginx -t inside the specified container.
  4. Decide & Act:
    • If the test passes, it proceeds to reload Nginx via nginx -s reload.
    • If the test fails, it automatically deletes the generated file (rolls back) and reports the error.
  5. Report Result: Informs the user of the final outcome.

Example Usage

Scenario 1: Environment variables are pre-set

# Set for future convenience
export NGINX_CONFIG_PATH="/path/to/your/nginx/conf.d"
export NGINX_CONTAINER_NAME="your_nginx_container"

# Now, the command is very simple:
bash skills/nginx-config-creator/scripts/create-and-reload.sh \
  --service-name "grafana" \
  --domain "example.com" \
  --port "3000"

Scenario 2: No environment variables (providing all info via arguments)

bash skills/nginx-config-creator/scripts/create-and-reload.sh \
  --service-name "grafana" \
  --domain "example.com" \
  --port "3000" \
  --config-path "/path/to/your/nginx/conf.d" \
  --container-name "your_nginx_container"

Failure Strategy

  • Missing Arguments: The script will exit with an error if required arguments/environment variables are missing.
  • nginx -t Fails: The skill is designed to be safe. It will not attempt to reload a broken configuration. It will clean up after itself and show you the exact error, ensuring the live web server is never affected.
