ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docker Compose Generator

v1.0.1

生成 Docker Compose 配置,支持 MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch 等常用服务。

0· 471·3 current·3 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to support many services (MySQL, PostgreSQL, Redis, MongoDB, Elasticsearch, RabbitMQ, Nginx, Node.js) and flexible CLI flags, but the shipped docker-compose-generator.sh only emits a static compose file containing mysql and redis regardless of arguments. This is a clear mismatch between stated purpose and actual capability.
!
Instruction Scope
SKILL.md shows example CLI flags and 'full-stack' usage, implying argument parsing and multi-service generation; the runtime file does not implement those behaviors. The script writes a file in the current directory and echoes a success message — it does not read extra files or env vars, but it will overwrite/create docker-compose.yml which is potentially surprising.
Install Mechanism
There is no install spec; the skill is instruction-only with a small shell script included. No downloads or package installs are performed.
Credentials
The skill requests no environment variables, credentials, or config paths. The script contains hardcoded credentials (MYSQL_ROOT_PASSWORD: root) and exposed ports, which are security-relevant but not an overreach in requested privileges.
Persistence & Privilege
Flags show normal behavior (always: false, user-invocable true). The skill does not request persistent platform privileges. Its only side effect is writing a docker-compose.yml and creating a named volume when run; it does not modify other skills or system configuration.
What to consider before installing
This skill is internally inconsistent: the documentation promises a flexible generator for many services, but the provided script only outputs a fixed docker-compose.yml for MySQL and Redis and ignores CLI flags. Before using it, review and edit the script — it contains a hardcoded MySQL root password ('root') and exposes host ports (3306, 6379), which are unsafe for production. If you want the advertised functionality, request the author or publisher for the real implementation or modify the script to properly parse arguments and only expose ports/credentials you control. Run it in a disposable directory or sandbox first to avoid overwriting an existing docker-compose.yml. If you need assurance about the publisher, seek a source/homepage or avoid installing until the mismatch is resolved.

Like a lobster shell, security has layers — review code before you run it.

devopsvk97fnxrbe38ydbh8rwe0w6s175825e8fdockervk97fnxrbe38ydbh8rwe0w6s175825e8fdocker-composevk97fnxrbe38ydbh8rwe0w6s175825e8fgeneratorvk97fnxrbe38ydbh8rwe0w6s175825e8flatestvk977gbbv5gxsdk06929hp6eq41826m32

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐙 Clawdis

Comments