← Back to Skills Marketplace
OpenClaw Docker Setup
by
Chunhua Liao
· GitHub ↗
· v1.0.2
434
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-docker-setup
Description
Install and configure a fully operational Dockerized OpenClaw instance on macOS from scratch. Includes browser pairing, Discord channel setup, and optional G...
Usage Guidance
This guide appears coherent and matches its stated goal, but it handles sensitive credentials — Gmail App Passwords, Google OAuth client JSON, exported gog tokens, and optionally an Anthropic setup token/API key — and instructs you to place them inside persistent Docker volumes. Before proceeding: (1) ensure you trust the GHCR image source (verify upstream project and checksums if available); (2) prefer a dedicated bot account (as the guide recommends) and limit scopes/permissions when creating OAuth credentials; (3) avoid leaving temporary token export files on disk (remove /tmp exports after import); (4) understand that secrets stored in the named Docker volumes will persist until you remove them — rotate or revoke tokens if the instance is decommissioned; (5) follow the guide’s safer file-copy patterns (pipe via docker exec rather than docker cp) to avoid ownership issues; and (6) if you need higher assurance, inspect the actual OpenClaw GHCR image contents (or run it in an isolated VM) before giving it production credentials. If you want, I can point out every command that writes credentials to disk so you can audit or modify them before running.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-docker-setup
Version: 1.0.2
The skill is classified as suspicious due to inherent supply chain risks and the handling of sensitive credentials, despite demonstrating strong security awareness. It instructs the AI agent to install binaries (`himalaya`, `gogcli`) via `curl -L ... | tar -xz ...` from external GitHub repositories (`github.com/pimalaya/himalaya`, `github.com/steipete/gogcli`) within the Docker container (in `references/gmail-setup.md` and `references/google-drive-setup.md`), which introduces a supply chain vulnerability. Additionally, the agent is instructed to handle and configure sensitive credentials (Gmail App Password, Google OAuth tokens) by reading them from the host and piping them into the container's configuration, a necessary but risky capability. However, the skill explicitly uses Docker security hardening (`--cap-drop=ALL`), warns against insecure practices, and provides detailed instructions for secure credential transfer, indicating no clear malicious intent within the skill itself.
Capability Assessment
Purpose & Capability
The name/description (Dockerized OpenClaw with Discord/Gmail/Drive integration) matches the actions in SKILL.md: pulling GHCR image, running docker run, installing gog/himalaya inside the container, and moving host OAuth/credentials into the container. Nothing requested appears unrelated to installing or configuring a containerized OpenClaw instance.
Instruction Scope
The SKILL.md is prescriptive and stays on-task (docker commands, installing binaries inside the container, copying tokens). It does instruct the user to read host files, export tokens from the host Keychain/credentials, and pipe those credentials into the container — these are necessary for OAuth/App-Password flows but are sensitive operations. The guide also includes steps to view container files (which may reveal stored secrets).
Install Mechanism
No install spec (instruction-only) in the registry. Runtime installs use well-known hosts: ghcr.io for the container image and GitHub release tarballs for Himalaya/gog. Commands use curl | tar inside the container or brew on host; these are expected for installing CLI helpers. No obscure or shortener URLs detected.
Credentials
The skill does not declare required env vars in metadata, but the instructions legitimately use several environment values and secrets at runtime (INSTANCE/HOST_PORT, optional ANTHROPIC_API_KEY or Claude setup token, GOG_KEYRING_PASSWORD, Gmail App Password, OAuth client JSON). These are proportionate to the described integrations but are sensitive — the instructions persist them into named Docker volumes, which means secrets will reside on disk inside the container's volumes unless the user takes extra precautions.
Persistence & Privilege
always:false and no modification of other skills or system-wide agent config is requested. The skill's persistence model is standard: it creates/uses named Docker volumes and restarts the container; no elevated host privileges are requested beyond normal Docker usage.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-docker-setup - After installation, invoke the skill by name or use
/openclaw-docker-setup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Add all reference files: pitfalls, Gmail/Himalaya setup, Google Drive/gog setup, trigger tests, license.
v1.0.1
Add reference files.
v1.0.0
Initial release.
Metadata
Frequently Asked Questions
What is OpenClaw Docker Setup?
Install and configure a fully operational Dockerized OpenClaw instance on macOS from scratch. Includes browser pairing, Discord channel setup, and optional G... It is an AI Agent Skill for Claude Code / OpenClaw, with 434 downloads so far.
How do I install OpenClaw Docker Setup?
Run "/install openclaw-docker-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Docker Setup free?
Yes, OpenClaw Docker Setup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Docker Setup support?
OpenClaw Docker Setup is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin).
Who created OpenClaw Docker Setup?
It is built and maintained by Chunhua Liao (@chunhualiao); the current version is v1.0.2.
More Skills