NginxWebUI Manager
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: nginxwebui-manager
Version: 1.2.0
The nginxwebui-manager skill provides a legitimate interface for managing NginxWebUI reverse proxy rules via its REST API. It uses 'docker exec' to communicate with the local container and handles authentication by storing tokens in a local .env file. While it contains a hardcoded workspace path (/home/node/.openclaw/workspace/liyj/.env) and redundant code (duplicate login functions), there is no evidence of malicious intent, data exfiltration, or command injection vulnerabilities, as subprocess calls are handled safely without a shell.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs the wrong create/delete/reload command, websites or services routed through Nginx could be disrupted.
The skill exposes high-impact administrative operations through Docker and the NginxWebUI API. This is aligned with the stated purpose, but misuse could break or change reverse proxy behavior.
List/create/delete servers and locations, reload nginx, manage upstreams. All calls through docker exec into the nginxwebui container.
Only approve specific, intended server/location changes and review IDs, hostnames, ports, and reload requests before execution.
Installing and using the skill gives the agent a path to make admin-level NginxWebUI changes through the local Docker environment.
The skill requires privileged local/container access and admin credentials. This is expected for the integration, but it is powerful access that is not reflected in the registry credential/env-var declarations.
Requires Docker socket access... Valid NginxWebUI admin credentials with API access enabled
Use the least-privileged NginxWebUI account that can perform the needed task, and run it only in environments where Docker access is appropriate.
Anyone or any process with access to that .env file may be able to reuse the NginxWebUI API token until it expires or is revoked.
The script stores the API token persistently in a workspace .env file. This matches the SKILL.md description, but the token is sensitive and the path is hard-coded.
env_file = "/home/node/.openclaw/workspace/liyj/.env" ... content = re.sub(r"NGINXWEBUI_TOKEN=.*", f"NGINXWEBUI_TOKEN={token}", content)
Protect the workspace .env file, avoid sharing it, and rotate or remove the token when access is no longer needed.
