← Back to Skills Marketplace
guim4dev

Caprover Management

by Thiago Guimarães · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
385
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install caprover-management
Description
Manage CapRover PaaS instances via API: create/update apps, deploy from Docker image or custom Dockerfile (tar file), configure ports, volumes, env vars, and...
README (SKILL.md)

CapRover Management Skill

CapRover is a self-hosted PaaS that wraps Docker Swarm. It exposes a REST API for full app lifecycle management.

Quick Setup

Always start by authenticating:

import urllib.request, json, ssl

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE  # self-signed cert on CapRover is common

BASE = "https://\x3Ccaptain-domain>"  # e.g. https://captain.example.com

def api(path, data=None, token=None, timeout=60):
    body = json.dumps(data).encode() if data else None
    headers = {"Content-Type": "application/json"}
    if token:
        headers["x-captain-auth"] = token
    req = urllib.request.Request(f"{BASE}{path}", data=body, headers=headers)
    resp = urllib.request.urlopen(req, context=ctx, timeout=timeout)
    return json.loads(resp.read())

token = api("/api/v2/login", {"password": "\x3Cpassword>"})["data"]["token"]

See references/api.md for all endpoints. See scripts/caprover.py for a ready-to-use helper class.

Core Workflows

1. Create an App

api("/api/v2/user/apps/appDefinitions/register",
    {"appName": "myapp", "hasPersistentData": False}, token)

Set hasPersistentData: True if the app needs persistent volumes.

2. Deploy from a Docker Image

api("/api/v2/user/apps/appDefinitions/update",
    {"appName": "myapp", "imageName": "nginx:latest"}, token)

api("/api/v2/user/apps/appData/myapp/redeploy",
    {"appName": "myapp", "gitHash": ""}, token)

3. Deploy from a Custom Dockerfile (Build on Host)

Pack a captain-definition, Dockerfile, and support files into a .tar.gz, then POST:

# captain-definition (required in tar root):
# {"schemaVersion": 2, "dockerfilePath": "./Dockerfile"}

with open("app.tar.gz", "rb") as f:
    tar_data = f.read()

boundary = "----FormBoundaryCaprover"
body = (
    f"--{boundary}\r\
"
    f'Content-Disposition: form-data; name="sourceFile"; filename="app.tar.gz"\r\
'
    f"Content-Type: application/octet-stream\r\
\r\
"
).encode() + tar_data + f"\r\
--{boundary}--\r\
".encode()

req = urllib.request.Request(
    f"{BASE}/api/v2/user/apps/appData/myapp",
    data=body,
    headers={
        "Content-Type": f"multipart/form-data; boundary={boundary}",
        "x-captain-auth": token,
    },
)
resp = urllib.request.urlopen(req, context=ctx, timeout=180)

This builds the image natively on the CapRover host — critical for ARM64 hosts where pre-built amd64 images won't run.

4. Configure Ports, Env Vars, Volumes

api("/api/v2/user/apps/appDefinitions/update", {
    "appName": "myapp",
    "envVars": [{"key": "MY_VAR", "value": "hello"}],
    "ports": [{"hostPort": 25565, "containerPort": 7777}],
    "volumes": [{"containerPath": "/data", "volumeName": "myapp-data"}],
    "instanceCount": 1,
}, token)

⚠️ Port update bug: The ports field update sometimes returns HTTP 500 on CapRover (known issue). Workaround: set ports once at app creation time or use serviceUpdateOverride.

5. Advanced Docker Swarm Settings (serviceUpdateOverride)

For settings not exposed in the standard API — volume mounts, custom DNS, resource limits:

override = json.dumps({
    "TaskTemplate": {
        "ContainerSpec": {
            "Mounts": [{
                "Type": "volume",
                "Source": "captain--myapp-data",  # CapRover names: captain--\x3Cappname>-\x3Cname>
                "Target": "/data"
            }]
        }
    }
})

api("/api/v2/user/apps/appDefinitions/update",
    {"appName": "myapp", "serviceUpdateOverride": override}, token)

⚠️ Setting serviceUpdateOverride to "" (empty string) clears it and removes all Docker Swarm overrides, including volume mounts.

6. Read Logs

# Build logs (after deploying)
r = api("/api/v2/user/apps/appData/myapp", token=token)
build_lines = r["data"]["logs"]["lines"]

# Runtime logs (stdout of running container)
r = api("/api/v2/user/apps/appData/myapp/logs", token=token)
raw_logs = r["data"]["logs"]

ARM64 / Multi-Arch Gotchas

If the CapRover host is ARM64 (uname -m returns aarch64):

  • Do not use amd64-only pre-built images — they will silently fail or crash with exec format errors
  • Build from Dockerfile on the host (workflow #3 above) to get native ARM64 images
  • For apps that need Mono (e.g. Windows .exe files on Linux ARM64): install mono-runtime in the Dockerfile and use mono ./App.exe as the entrypoint
  • Detect arch at runtime in scripts: $(uname -m) returns aarch64 on ARM64

Common Issues

Symptom Likely Cause Fix
HTTP 500 on port update CapRover bug Set ports at app creation, or use serviceUpdateOverride
Container crashes, no logs Wrong arch image (amd64 on arm64) Build from Dockerfile on host
Port open but server not responding Server listening on 127.0.0.1 only Check server bind address; use 0.0.0.0
World/data lost on restart No volume mount Add serviceUpdateOverride with Mounts
Logs empty App writes logs to file, not stdout Override entrypoint to redirect to stdout
volumes: [] in API but data persists serviceUpdateOverride holds the mount — API and Swarm state diverge Check serviceUpdateOverride, not just app definition

Node / Cluster Info

r = api("/api/v2/user/system/info", token=token)
nodes = r["data"]["nodes"]

References

  • Full API endpoint list + request/response shapes: references/api.md
  • Reusable Python helper class: scripts/caprover.py
Usage Guidance
This skill is coherent for managing CapRover, but review these points before installing: - You must supply a CapRover admin (or appropriately privileged) password at runtime; do not reuse high-value credentials if you don't trust the target host. The skill metadata doesn't declare a primary credential, so you'll provide it interactively or via your agent's secret store. - The sample code disables TLS certificate verification to work with self-signed CapRover instances. That makes man-in-the-middle attacks possible if you run the skill against an untrusted network—prefer supplying a valid certificate or modify the helper to enable verification when possible. - Deploying a .tar.gz causes the CapRover host to build whatever Dockerfile is included. Only deploy builds you trust because build scripts run on the remote host and can be used to escalate or corrupt the host environment. - The skill warns that setting serviceUpdateOverride to an empty string clears all Swarm overrides (including mounts) — using that incorrectly can cause data loss. If you intend to use this skill, run it against CapRover instances you control or trust, consider using a limited-permission account instead of the global admin password, and consider editing the helper to enforce TLS validation in environments where valid certs are available.
Capability Analysis
Type: OpenClaw Skill Name: caprover-management Version: 1.0.0 This skill is classified as suspicious due to its exposure of highly privileged CapRover API functionalities and a critical security vulnerability. The `scripts/caprover.py` helper and `SKILL.md` explicitly disable SSL certificate verification (`ssl.CERT_NONE`), making all API communications vulnerable to Man-in-the-Middle (MITM) attacks. Furthermore, the skill provides direct access to CapRover's `serviceUpdateOverride` and `deploy_tar` features, which allow for arbitrary Docker Swarm configuration and custom Dockerfile builds on the CapRover host. While these are legitimate CapRover features, their power, if misused by a compromised agent or user, could lead to Remote Code Execution (RCE) on the CapRover server. There is no evidence of intentional malicious behavior or prompt injection attempts within the skill's code or instructions, but the inherent risks warrant a 'suspicious' classification.
Capability Assessment
Purpose & Capability
Name/description align with the included files and instructions: the SKILL.md and scripts/caprover.py implement CapRover API workflows (create/update apps, deploy images/tar builds, configure ports/volumes/env vars, read logs, cluster info). The skill does not request unrelated services or credentials.
Instruction Scope
Runtime instructions and the helper script stay within the scope of CapRover management. Two notable operational choices increase risk but are relevant to the stated purpose: (1) the examples and helper create an SSL context that disables certificate validation (ctx.verify_mode = ssl.CERT_NONE) to accommodate self-signed CapRover instances; (2) the deploy-from-tar workflow intentionally builds images on the CapRover host, which means arbitrary Dockerfile build steps will execute on that host. Both behaviours are expected for this use-case but have security implications.
Install Mechanism
No install spec; this is primarily an instruction + helper script. Nothing is downloaded or installed by the skill itself, lowering installation risk.
Credentials
The registry metadata lists no required env vars or primary credential, which is consistent with not embedding secrets in the skill. However, the tool requires a CapRover admin password (passed to login) at runtime to obtain a token — this credential is necessary for operation but is not declared in metadata. That omission is not dangerous by itself but users should be aware they must provide an admin password (or an account with sufficient CapRover privileges) when invoking the skill.
Persistence & Privilege
The skill does not request always:true and does not alter other skills or system-wide agent settings. It requires only runtime invocation and does not persist elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install caprover-management
  3. After installation, invoke the skill by name or use /caprover-management
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of CapRover Management Skill. - Manage CapRover PaaS instances via API: create/update apps, deploy from Docker images or custom Dockerfiles. - Configure ports, env vars, persistent volumes, and advanced Docker Swarm settings. - Supports both standard and advanced workflows, including ARM64-specific guidance. - Includes troubleshooting tips and common issues FAQ. - Provides ready-to-use Python code for all core operations.
Metadata
Slug caprover-management
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Caprover Management?

Manage CapRover PaaS instances via API: create/update apps, deploy from Docker image or custom Dockerfile (tar file), configure ports, volumes, env vars, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 385 downloads so far.

How do I install Caprover Management?

Run "/install caprover-management" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Caprover Management free?

Yes, Caprover Management is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Caprover Management support?

Caprover Management is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Caprover Management?

It is built and maintained by Thiago Guimarães (@guim4dev); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments