← Back to Skills Marketplace
326
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install docker-socket-proxy
Description
Manage a remote Docker host securely via docker-socket-proxy, supporting container lifecycle, images, networks, volumes, swarm, plugins, and system info APIs.
README (SKILL.md)
Docker Socket Proxy
Manages Docker containers via the tecnativa/docker-socket-proxy REST API using curl and jq. Which modes are available depends on which API sections the proxy instance has enabled.
Trigger conditions
- User asks to list, start, stop, restart, kill, pause, or unpause a container or service
- User wants container logs, stats, top processes, or filesystem changes
- User asks about Docker images, networks, volumes, swarm services, or tasks
- A service needs to be restarted after a config change
Usage
bash {baseDir}/scripts/run-docker.sh \x3Cmode> [args...]
Run with no arguments for full usage. Proxy URL is resolved from $DOCKER_PROXY_URL → $DOCKER_HOST (tcp→http) → http://localhost:2375.
Modes
System
| Mode | Description |
|---|---|
ping |
Health check |
version |
Docker version |
info |
Host summary (containers, memory, etc.) |
events [--since T] [--until T] [--filters k=v] |
Recent events (1s window) |
system-df |
Disk usage by images/containers/volumes |
Containers
| Mode | Description |
|---|---|
list |
Running containers |
list-all |
All containers including stopped |
inspect \x3Cname> |
Full container details |
top \x3Cname> [ps-args] |
Running processes inside container |
logs \x3Cname> [tail] |
Container logs (default tail=100) |
stats \x3Cname> |
CPU, memory, network, block I/O |
changes \x3Cname> |
Filesystem changes since start |
start \x3Cname> |
Start container |
stop \x3Cname> [timeout] |
Stop container |
restart \x3Cname> [timeout] |
Restart container |
kill \x3Cname> [signal] |
Kill container (default SIGKILL) |
pause \x3Cname> |
Pause container |
unpause \x3Cname> |
Unpause container |
rename \x3Cname> \x3Cnew-name> |
Rename container |
exec \x3Cname> \x3Ccmd> [args...] |
Run command in container |
prune-containers |
Remove stopped containers |
Images
| Mode | Description |
|---|---|
images |
List images |
image-inspect \x3Cname> |
Image details |
image-history \x3Cname> |
Layer history |
prune-images |
Remove unused images |
Networks
| Mode | Description |
|---|---|
networks |
List networks |
network-inspect \x3Cname> |
Network details and connected containers |
prune-networks |
Remove unused networks |
Volumes
| Mode | Description |
|---|---|
volumes |
List volumes |
volume-inspect \x3Cname> |
Volume details |
prune-volumes |
Remove unused volumes |
Swarm
| Mode | Description |
|---|---|
swarm |
Swarm info |
nodes |
List nodes |
node-inspect \x3Cname> |
Node details |
services |
List services |
service-inspect \x3Cname> |
Service details |
service-logs \x3Cname> [tail] |
Service logs |
tasks |
List tasks |
configs |
List configs |
secrets |
List secrets |
Plugins
| Mode | Description |
|---|---|
plugins |
List plugins |
Name matching
Container names can be partial — myapp matches project-myapp-1. Exact match is tried first, then substring. Errors clearly if 0 or 2+ containers match.
Notes
- Modes that require disabled proxy sections (e.g.
IMAGES,NETWORKS,VOLUMES,SYSTEM) will return HTTP 403. This is expected — enable the relevant env var on the proxy to unlock them. execis two-step (create + start) and streams multiplexed output.eventsuses a 1-second window by default; use--since/--untilto adjust.
Usage Guidance
This skill appears to do what it says: it talks only to a docker-socket-proxy and requires curl and jq. Before installing, verify the proxy is configured with the minimum API sections you need (avoid enabling EXEC, SECRETS, SWARM, IMAGES, etc., unless strictly necessary). Review the included scripts yourself (run-docker.sh) and prefer running the proxy on a trusted host and network. Note the registry metadata omitted required binaries (curl/jq) and the skill source/homepage are listed as unknown — if provenance matters for you, request a canonical upstream or author confirmation. If you allow autonomous agent use, consider limiting the agent's permissions or requiring manual approval for operations that run commands inside containers or list secrets.
Capability Analysis
Type: OpenClaw Skill
Name: docker-socket-proxy
Version: 1.0.0
The docker-socket-proxy skill provides a legitimate and well-documented interface for managing Docker environments via a security-focused REST proxy. The core logic in scripts/run-docker.sh uses standard tools like curl and jq to interact with the Docker API, and its functionality (including container execution and log retrieval) aligns perfectly with its stated purpose without any evidence of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
The skill claims to manage a Docker host via tecnativa/docker-socket-proxy and the script implements calls to the Docker REST API (containers, images, networks, volumes, swarm, secrets, exec, etc.). This aligns with the description. Minor inconsistency: the registry metadata listed no required binaries, while the SKILL.md metadata and README both require curl and jq — these are reasonable for the stated purpose but the metadata mismatch should be noted.
Instruction Scope
Runtime instructions tell the agent to run the provided shell script which issues HTTP requests to the proxy only (no other external endpoints) and does not read arbitrary host files. However, several modes (notably exec and Swarm secrets listing) allow the agent to run commands inside containers or view sensitive Swarm secrets if the proxy has those API sections enabled — this is expected functionality but increases risk if the proxy is over-privileged.
Install Mechanism
There is no install spec that downloads or writes code to disk; this is an instruction-only skill with an included shell script. No remote archive downloads or third‑party install steps are present.
Credentials
The script uses DOCKER_PROXY_URL and DOCKER_HOST to locate the proxy (appropriate). It does not request credentials or other unrelated environment variables. Be aware that the Docker API surface includes sensitive items (secrets, swarm configs, the ability to exec into containers) — access to those depends solely on which sections are enabled in the proxy, not on the skill itself.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not attempt to modify other skills or system-wide agent settings. Autonomous model invocation is allowed by default (normal for skills) but is not combined with any hidden persistence or elevated privileges in the package.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install docker-socket-proxy - After installation, invoke the skill by name or use
/docker-socket-proxy - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Docker Socket Proxy?
Manage a remote Docker host securely via docker-socket-proxy, supporting container lifecycle, images, networks, volumes, swarm, plugins, and system info APIs. It is an AI Agent Skill for Claude Code / OpenClaw, with 326 downloads so far.
How do I install Docker Socket Proxy?
Run "/install docker-socket-proxy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Docker Socket Proxy free?
Yes, Docker Socket Proxy is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Docker Socket Proxy support?
Docker Socket Proxy is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Docker Socket Proxy?
It is built and maintained by BP602 (@bp602); the current version is v1.0.0.
More Skills