← Back to Skills Marketplace
impa365

SetupOrion ByImpa

by impa365 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1110
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install setuporion-byimpa
Description
Setup completo de VPS Ubuntu/Debian para produção com Docker Swarm, Traefik v3 (SSL/HTTPS automático), Portainer CE e rede overlay. Baseado no SetupOrion v2.8.0. Executa todos os comandos automaticamente.
Usage Guidance
This SKILL.md is a full automated VPS setup that will run many root-level commands and requires you to supply admin passwords and API keys. Before running it: 1) Review the entire SKILL.md yourself — don't blindly pipe commands into a shell. 2) Note the registry metadata omitted the env vars that the script expects; prepare the required secrets locally and do not paste them into untrusted places. 3) Prefer running the steps manually or in a controlled staging VM first so you can inspect files (traefik.yaml, docker stacks) before they are applied. 4) Be cautious of the curl | bash Docker installer — if you want safer review, install Docker via your distro packages or inspect the installer script first. 5) Back up the server, and ensure DNS and Let's Encrypt limits are understood. If you don't trust the skill's unknown source/homepage, treat it as untrusted instructions rather than an approved package.
Capability Analysis
Type: OpenClaw Skill Name: setuporion-byimpa Version: 1.0.0 The skill is classified as suspicious due to several significant security vulnerabilities, primarily the use of `curl -fsSL ... | bash` in `SKILL.md` (Etapa 2), which executes arbitrary remote code and poses a high RCE risk. Additionally, the script repeatedly uses `curl -k` (e.g., Etapa 7, Etapa 9) to disable SSL certificate verification when handling sensitive credentials like the Portainer admin password and Evolution API key, making these communications vulnerable to Man-in-the-Middle attacks. Sensitive credentials are also echoed to stdout, posing a risk if logs are not properly secured. While these are serious flaws, there is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or backdoor installation, indicating vulnerabilities rather than outright malice.
Capability Assessment
Purpose & Capability
The skill's name/description (VPS setup for Docker Swarm, Traefik v3, Portainer) matches the instructions, which perform system updates, install Docker, initialize Swarm, create networks/volumes and deploy Traefik/Portainer. However the registry metadata claims no required environment variables while SKILL.md declares multiple required/sensitive env vars (hostnames, domain names, admin passwords, DB password, API key). That metadata mismatch is an incoherence and reduces provenance.
Instruction Scope
Instructions explicitly run system-wide commands as root/sudo (apt installs, hostname changes, systemctl, writing /root/traefik.yaml, using /var/run/docker.sock) and will configure services and credentials on the host — this is expected for a VPS setup but is high-impact. The doc instructs downloading and running external scripts (curl -fsSL https://get.docker.com | bash) and writing configs which is risky. The instructions reference and require many environment variables declared inside SKILL.md; they do not read unrelated system secrets, but they do modify global system state.
Install Mechanism
This skill is instruction-only (no install spec) so nothing is written by the platform itself. The runtime steps fetch software from official locations (get.docker.com, download.docker.com, Docker images on registries). Using curl | bash to install Docker and pulling container images is common but considered risky because it executes remote code without local review. No unknown/personal URLs or archive extraction are present in the visible portion.
Credentials
SKILL.md requires several sensitive env vars (VPS_PORTAINER_PASS, VPS_POSTGRES_PASS, VPS_EVOLUTION_API_KEY, email and domain names). Those values are plausible and proportional for configuring the services, but the registry-level metadata reported earlier showed 'no required env vars' — a mismatch that could hide secret requirements from users. The skill will create and store those credentials on the VPS; ensure you trust the source before supplying secrets.
Persistence & Privilege
The skill does not request persistent platform-level privileges (always:false) and is user-invocable. It instructs making persistent changes to the target VPS (service installs, system config), which is appropriate for its purpose. There is no evidence it attempts to modify other skills or platform config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install setuporion-byimpa
  3. After installation, invoke the skill by name or use /setuporion-byimpa
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
v1.0.0 – Setup automatizado de VPS para produção com Docker Swarm, Traefik v3 e Portainer - Executa configuração completa de servidor Ubuntu/Debian: instala Docker, inicializa Swarm e cria rede overlay. - Deploy automático de Traefik v3 com SSL/HTTPS via Let's Encrypt. - Instala e configura Portainer CE com segurança reforçada. - Criação de volumes Docker essenciais e integração pronta para Evolution API e PostgreSQL. - Todas as etapas são idempotentes e seguras para re-execução.
Metadata
Slug setuporion-byimpa
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is SetupOrion ByImpa?

Setup completo de VPS Ubuntu/Debian para produção com Docker Swarm, Traefik v3 (SSL/HTTPS automático), Portainer CE e rede overlay. Baseado no SetupOrion v2.8.0. Executa todos os comandos automaticamente. It is an AI Agent Skill for Claude Code / OpenClaw, with 1110 downloads so far.

How do I install SetupOrion ByImpa?

Run "/install setuporion-byimpa" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SetupOrion ByImpa free?

Yes, SetupOrion ByImpa is completely free (open-source). You can download, install and use it at no cost.

Which platforms does SetupOrion ByImpa support?

SetupOrion ByImpa is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SetupOrion ByImpa?

It is built and maintained by impa365 (@impa365); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments