Docker Compose Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to be a simple Docker Compose file generator with no evidence of credential access, network exfiltration, persistence, or hidden behavior.
This looks safe to install from the provided artifacts. Before using it, review the generated docker-compose.yml because it may overwrite an existing file and currently appears to generate only MySQL and Redis despite advertising more services.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could accidentally replace an existing compose file or another file they specify as the output.
The script writes directly to the requested output path, defaulting to docker-compose.yml. This is aligned with the generator purpose, but it can overwrite an existing user-writable file if run in the wrong directory or with an unsafe path.
OUTPUT="${2:-docker-compose.yml}"
cat > "$OUTPUT" << 'YML'
Run it in the intended project directory and check whether docker-compose.yml already exists before generating.
Users may expect broader service generation than the included script actually provides.
The documentation lists several supported services, while the included script only emits MySQL and Redis configuration. This is a functionality mismatch rather than evidence of malicious behavior.
Supports common services such as MySQL, PostgreSQL, Redis, MongoDB, and Elasticsearch.
Verify the generated compose file before relying on it, especially if you need PostgreSQL, MongoDB, Elasticsearch, RabbitMQ, Nginx, or Node.js.
