← Back to Skills Marketplace
Nginx Config Creator
by
xieyuanqing
· GitHub ↗
· v0.1.1
1920
Downloads
0
Stars
7
Active Installs
2
Versions
Install in OpenClaw
/install nginx-config-creator
Description
Creates a standard Nginx/OpenResty reverse proxy config file for a service and reloads the web server. Features safety checks and environment awareness. Takes service name, domain, and port as main arguments.
Usage Guidance
This skill appears to implement the stated feature, but review and run it carefully:
- Inspect the script before running and only supply trusted inputs. SERVICE_NAME and CONFIG_PATH are used directly to build the output filename, so avoid untrusted values (e.g., no '../', absolute paths, or shell metacharacters).
- Run in a safe environment first (staging) to confirm behavior and container identity; ensure the provided Docker container actually runs Nginx/OpenResty and that you have appropriate permissions.
- Because the script writes and may delete files, back up existing configs and ensure CONFIG_PATH points to the intended conf.d directory (avoid symlink surprises).
- Note the small metadata mismatch: the registry lists no required env vars but the README/SKILL.md recommend NGINX_CONFIG_PATH and NGINX_CONTAINER_NAME. If you plan to use environment variables, set them deliberately.
- Consider hardening the script (input validation, safer tempfile handling, limiting allowed paths) before using it in production.
If you need help auditing or patching the script to reject path traversal and validate inputs, I can suggest concrete modifications.
Capability Analysis
Type: OpenClaw Skill
Name: nginx-config-creator
Version: 0.1.1
The `scripts/create-and-reload.sh` script is classified as suspicious due to risky capabilities without clear malicious intent. It allows writing to an arbitrary file path (`$CONF_FILE_PATH`) and executing commands (`nginx -t`, `nginx -s reload`) within a user-specified Docker container (`$CONTAINER_NAME`). While these actions are necessary for the skill's stated purpose of managing Nginx configurations, the script lacks robust input validation for `--config-path` and `--container-name`, potentially allowing a malicious actor to write to sensitive host paths or execute commands in unintended containers if they control the inputs. There is no evidence of data exfiltration, persistence, or direct prompt injection attempts.
Capability Assessment
Purpose & Capability
Name/description align with the code and runtime requirements. The script actually writes an Nginx conf file and runs 'docker exec' to test and reload Nginx, so requiring 'bash' and 'docker' is appropriate.
Instruction Scope
The SKILL.md and script stay within the claimed purpose (writing a conf and reloading Nginx), but the runtime instructions permit dangerous inputs: SERVICE_NAME, DOMAIN, PORT and CONFIG_PATH are written into the filesystem without sanitization. In particular, SERVICE_NAME or CONFIG_PATH could be crafted to write outside the intended conf.d (e.g., '../' sequences or absolute paths), enabling overwrite of arbitrary files. The script also writes test output to /tmp/nginx_test_output.log. There is no validation of the container's identity beyond the provided name.
Install Mechanism
Instruction-only skill with an included shell script and no install spec — low install risk. There are no downloads or extract operations; nothing will be written to disk except when the script is explicitly run by the user/agent.
Credentials
The skill does not require credentials and only optionally reads NGINX_CONFIG_PATH and NGINX_CONTAINER_NAME from the environment (which matches its purpose). Registry metadata lists no required env vars although the README/SKILL.md recommend those two environment variables — this is a small metadata mismatch but not a high-risk issue.
Persistence & Privilege
The skill is not forced-always and does not request system-wide persistence. It does perform privileged actions when executed (writing files and running 'docker exec'), which is expected for its purpose but means it must be invoked with care. It does not modify other skill/system configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nginx-config-creator - After installation, invoke the skill by name or use
/nginx-config-creator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Security fix: Anonymized all examples in SKILL.md to remove private information.
v0.1.0
Initial release.
- Automates creation of Nginx/OpenResty reverse proxy config files for services.
- Performs environment-aware configuration using variables or command-line arguments.
- Includes a safety check: tests the new config in the container and rolls back on failure.
- Reloads Nginx automatically if the configuration is valid.
- Provides verbose logs and clear error handling throughout the process.
Metadata
Frequently Asked Questions
What is Nginx Config Creator?
Creates a standard Nginx/OpenResty reverse proxy config file for a service and reloads the web server. Features safety checks and environment awareness. Takes service name, domain, and port as main arguments. It is an AI Agent Skill for Claude Code / OpenClaw, with 1920 downloads so far.
How do I install Nginx Config Creator?
Run "/install nginx-config-creator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nginx Config Creator free?
Yes, Nginx Config Creator is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Nginx Config Creator support?
Nginx Config Creator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nginx Config Creator?
It is built and maintained by xieyuanqing (@xieyuanqing); the current version is v0.1.1.
More Skills