← 返回 Skills 市场
326
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install docker-socket-proxy
功能描述
Manage a remote Docker host securely via docker-socket-proxy, supporting container lifecycle, images, networks, volumes, swarm, plugins, and system info APIs.
使用说明 (SKILL.md)
Docker Socket Proxy
Manages Docker containers via the tecnativa/docker-socket-proxy REST API using curl and jq. Which modes are available depends on which API sections the proxy instance has enabled.
Trigger conditions
- User asks to list, start, stop, restart, kill, pause, or unpause a container or service
- User wants container logs, stats, top processes, or filesystem changes
- User asks about Docker images, networks, volumes, swarm services, or tasks
- A service needs to be restarted after a config change
Usage
bash {baseDir}/scripts/run-docker.sh \x3Cmode> [args...]
Run with no arguments for full usage. Proxy URL is resolved from $DOCKER_PROXY_URL → $DOCKER_HOST (tcp→http) → http://localhost:2375.
Modes
System
| Mode | Description |
|---|---|
ping |
Health check |
version |
Docker version |
info |
Host summary (containers, memory, etc.) |
events [--since T] [--until T] [--filters k=v] |
Recent events (1s window) |
system-df |
Disk usage by images/containers/volumes |
Containers
| Mode | Description |
|---|---|
list |
Running containers |
list-all |
All containers including stopped |
inspect \x3Cname> |
Full container details |
top \x3Cname> [ps-args] |
Running processes inside container |
logs \x3Cname> [tail] |
Container logs (default tail=100) |
stats \x3Cname> |
CPU, memory, network, block I/O |
changes \x3Cname> |
Filesystem changes since start |
start \x3Cname> |
Start container |
stop \x3Cname> [timeout] |
Stop container |
restart \x3Cname> [timeout] |
Restart container |
kill \x3Cname> [signal] |
Kill container (default SIGKILL) |
pause \x3Cname> |
Pause container |
unpause \x3Cname> |
Unpause container |
rename \x3Cname> \x3Cnew-name> |
Rename container |
exec \x3Cname> \x3Ccmd> [args...] |
Run command in container |
prune-containers |
Remove stopped containers |
Images
| Mode | Description |
|---|---|
images |
List images |
image-inspect \x3Cname> |
Image details |
image-history \x3Cname> |
Layer history |
prune-images |
Remove unused images |
Networks
| Mode | Description |
|---|---|
networks |
List networks |
network-inspect \x3Cname> |
Network details and connected containers |
prune-networks |
Remove unused networks |
Volumes
| Mode | Description |
|---|---|
volumes |
List volumes |
volume-inspect \x3Cname> |
Volume details |
prune-volumes |
Remove unused volumes |
Swarm
| Mode | Description |
|---|---|
swarm |
Swarm info |
nodes |
List nodes |
node-inspect \x3Cname> |
Node details |
services |
List services |
service-inspect \x3Cname> |
Service details |
service-logs \x3Cname> [tail] |
Service logs |
tasks |
List tasks |
configs |
List configs |
secrets |
List secrets |
Plugins
| Mode | Description |
|---|---|
plugins |
List plugins |
Name matching
Container names can be partial — myapp matches project-myapp-1. Exact match is tried first, then substring. Errors clearly if 0 or 2+ containers match.
Notes
- Modes that require disabled proxy sections (e.g.
IMAGES,NETWORKS,VOLUMES,SYSTEM) will return HTTP 403. This is expected — enable the relevant env var on the proxy to unlock them. execis two-step (create + start) and streams multiplexed output.eventsuses a 1-second window by default; use--since/--untilto adjust.
安全使用建议
This skill appears to do what it says: it talks only to a docker-socket-proxy and requires curl and jq. Before installing, verify the proxy is configured with the minimum API sections you need (avoid enabling EXEC, SECRETS, SWARM, IMAGES, etc., unless strictly necessary). Review the included scripts yourself (run-docker.sh) and prefer running the proxy on a trusted host and network. Note the registry metadata omitted required binaries (curl/jq) and the skill source/homepage are listed as unknown — if provenance matters for you, request a canonical upstream or author confirmation. If you allow autonomous agent use, consider limiting the agent's permissions or requiring manual approval for operations that run commands inside containers or list secrets.
功能分析
Type: OpenClaw Skill
Name: docker-socket-proxy
Version: 1.0.0
The docker-socket-proxy skill provides a legitimate and well-documented interface for managing Docker environments via a security-focused REST proxy. The core logic in scripts/run-docker.sh uses standard tools like curl and jq to interact with the Docker API, and its functionality (including container execution and log retrieval) aligns perfectly with its stated purpose without any evidence of malicious intent, data exfiltration, or prompt injection.
能力评估
Purpose & Capability
The skill claims to manage a Docker host via tecnativa/docker-socket-proxy and the script implements calls to the Docker REST API (containers, images, networks, volumes, swarm, secrets, exec, etc.). This aligns with the description. Minor inconsistency: the registry metadata listed no required binaries, while the SKILL.md metadata and README both require curl and jq — these are reasonable for the stated purpose but the metadata mismatch should be noted.
Instruction Scope
Runtime instructions tell the agent to run the provided shell script which issues HTTP requests to the proxy only (no other external endpoints) and does not read arbitrary host files. However, several modes (notably exec and Swarm secrets listing) allow the agent to run commands inside containers or view sensitive Swarm secrets if the proxy has those API sections enabled — this is expected functionality but increases risk if the proxy is over-privileged.
Install Mechanism
There is no install spec that downloads or writes code to disk; this is an instruction-only skill with an included shell script. No remote archive downloads or third‑party install steps are present.
Credentials
The script uses DOCKER_PROXY_URL and DOCKER_HOST to locate the proxy (appropriate). It does not request credentials or other unrelated environment variables. Be aware that the Docker API surface includes sensitive items (secrets, swarm configs, the ability to exec into containers) — access to those depends solely on which sections are enabled in the proxy, not on the skill itself.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and does not attempt to modify other skills or system-wide agent settings. Autonomous model invocation is allowed by default (normal for skills) but is not combined with any hidden persistence or elevated privileges in the package.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install docker-socket-proxy - 安装完成后,直接呼叫该 Skill 的名称或使用
/docker-socket-proxy触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Docker Socket Proxy 是什么?
Manage a remote Docker host securely via docker-socket-proxy, supporting container lifecycle, images, networks, volumes, swarm, plugins, and system info APIs. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 326 次。
如何安装 Docker Socket Proxy?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install docker-socket-proxy」即可一键安装,无需额外配置。
Docker Socket Proxy 是免费的吗?
是的,Docker Socket Proxy 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Docker Socket Proxy 支持哪些平台?
Docker Socket Proxy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Docker Socket Proxy?
由 BP602(@bp602)开发并维护,当前版本 v1.0.0。
推荐 Skills