Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Docker Setup
v1.0.2
Install and configure a fully operational Dockerized OpenClaw instance on macOS from scratch. Includes browser pairing, Discord channel setup, and optional G...
⭐ 0· 370·0 current·0 all-time
by Chunhua Liao (@chunhualiao)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
The name and description (Dockerized OpenClaw with Discord/Gmail/Drive integration) match the actions in SKILL.md: pulling the GHCR image, running docker run, installing gog and himalaya inside the container, and moving host OAuth credentials into the container. Nothing requested appears unrelated to installing or configuring a containerized OpenClaw instance.
Instruction Scope
The SKILL.md is prescriptive and stays on-task (docker commands, installing binaries inside the container, copying tokens). It does instruct the user to read host files, export tokens from the host Keychain and credential stores, and pipe those credentials into the container. These steps are necessary for the OAuth and App-Password flows but are sensitive operations. The guide also includes steps to view container files, which may display stored secrets on the terminal.
Install Mechanism
No install spec (instruction-only) in the registry. Runtime installs use well-known hosts: ghcr.io for the container image and GitHub release tarballs for Himalaya and gog. Commands use curl | tar inside the container or brew on the host, which is the expected way to install CLI helpers. No obscure hosts or URL shorteners were detected.
Credentials
The skill does not declare required env vars in its metadata, but the instructions legitimately use several environment values and secrets at runtime (INSTANCE/HOST_PORT, optional ANTHROPIC_API_KEY or Claude setup token, GOG_KEYRING_PASSWORD, a Gmail App Password, and the OAuth client JSON). These are proportionate to the described integrations but are sensitive: the instructions persist them into named Docker volumes, so the secrets reside on disk in those volumes until the user removes them or takes extra precautions.
Persistence & Privilege
always: false, and no modification of other skills or of system-wide agent config is requested. The persistence model is standard: the skill creates or reuses named Docker volumes and restarts the container; no host privileges beyond normal Docker usage are requested.
Assessment
This guide appears coherent and matches its stated goal, but it handles sensitive credentials (Gmail App Passwords, the Google OAuth client JSON, exported gog tokens, and optionally an Anthropic setup token or API key) and instructs you to place them inside persistent Docker volumes. Before proceeding:
1. Ensure you trust the GHCR image source: verify the upstream project and pin the image by digest or verify checksums where available.
2. Prefer a dedicated bot account (as the guide recommends) and limit scopes and permissions when creating OAuth credentials.
3. Avoid leaving temporary token export files on disk; remove any /tmp exports as soon as they have been imported.
4. Understand that secrets stored in the named Docker volumes persist until you remove the volumes; rotate or revoke the tokens when the instance is decommissioned.
5. Follow the guide's safer file-copy pattern (pipe via docker exec rather than docker cp) to avoid ownership and permission mismatches.
6. If you need higher assurance, inspect the actual contents of the OpenClaw GHCR image, or run it in an isolated VM, before giving it production credentials.
Like a lobster shell, security has layers: review code before you run it.
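The following helpers are an added example written for this review; they are not code from the skill's SKILL.md or from the OpenClaw project. They turn three of the assessment's points into reusable shell functions: refusing GHCR image references that are not pinned to a content digest (point 1), pushing a secret into the container through `docker exec -i` instead of `docker cp` so the file is created by the container's own user with mode 0600 and no host copy is left behind (point 5), and listing the lines of an install guide that write credential-like material to disk so they can be reviewed before running. The container name, the destination path, the `DOCKER` override and the sample guide text are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not the skill's own code). Helpers for reviewing and
# hardening the credential-handling steps of a Dockerized OpenClaw setup.
set -eu

# Overridable so the helpers can be dry-run with a stub (assumption).
DOCKER="${DOCKER:-docker}"

# Point 1: a tag such as :latest can be re-pointed upstream at any time; a
# @sha256: content digest cannot. Returns 0 only for digest-pinned refs.
image_is_pinned() {
  expr "$1" : '.*@sha256:[0-9a-f]\{64\}$' >/dev/null
}

# Point 5: stream a secret from stdin into DEST inside CONTAINER. The
# receiving shell runs as the container's user, sets a private umask, and
# replaces any existing file so stale permissions are not inherited.
# Nothing is written to the host filesystem on the way.
put_secret() {
  container=$1
  dest=$2
  "$DOCKER" exec -i "$container" sh -c '
    umask 077 && mkdir -p "$(dirname "$1")" && rm -f "$1" && cat > "$1"
  ' sh "$dest"
}

# Audit: print the guide lines (numbered) where a credential-looking value
# (password, token, secret, client_secret, keyring) is written to disk via
# a redirection, tee, or docker cp. Reads the guide text on stdin.
audit_secret_writes() {
  grep -n -i -E '(password|token|secret|credential|keyring)' |
    grep -E '(docker cp|>>?|tee )' || true
}

# Constructed sample guide text (assumption) used by the usage below and by
# the test: three of the seven lines write a secret to disk.
SAMPLE_GUIDE='docker pull ghcr.io/example/openclaw:latest
export GOG_KEYRING_PASSWORD=changeme
echo "$GOG_KEYRING_PASSWORD" > /tmp/keyring.txt
docker cp ~/client_secret.json openclaw:/root/.config/gog/
docker exec -i openclaw sh -c "cat > /root/.config/gog/token.json" < /tmp/token.json
cat /tmp/token.json
rm /tmp/token.json'

# Usage (runs only when invoked as: IMAGE=<digest-pinned ref> sh helpers.sh demo)
if [ "${1:-}" = demo ]; then
  image_is_pinned "${IMAGE:?set IMAGE to a digest-pinned image reference}" ||
    { echo "refusing unpinned image: $IMAGE" >&2; exit 1; }
  printf '%s\n' "$SAMPLE_GUIDE" | audit_secret_writes
  # Example: push a Gmail App Password read from stdin (container name and
  # destination path are assumptions).
  printf '%s\n' 'app-password-from-keychain' |
    put_secret "${INSTANCE:-openclaw}" /root/.config/himalaya/gmail.pass
fi
```

`put_secret` is the pattern the assessment prefers over `docker cp`: the secret travels over the exec channel and lands only inside the container, owned by the user the container runs as, so there is no host-side copy to clean up and no ownership mismatch. `audit_secret_writes` is deliberately broad (it flags the safe `docker exec -i ... cat >` form as well), because every line it lists is a place where a secret reaches a volume that will outlive the session and should be reviewed against point 4.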
latest: vk97ckrh9p3n5c8ee22c7gyks55828jsd
Runtime requirements
OS: macOS
