← 返回 Skills 市场
Nginx Config Creator
作者
xieyuanqing
· GitHub ↗
· v0.1.1
1920
总下载
0
收藏
7
当前安装
2
版本数
在 OpenClaw 中安装
/install nginx-config-creator
功能描述
Creates a standard Nginx/OpenResty reverse proxy config file for a service and reloads the web server. Features safety checks and environment awareness. Takes service name, domain, and port as main arguments.
安全使用建议
This skill appears to implement the stated feature, but review and run it carefully:
- Inspect the script before running and only supply trusted inputs. SERVICE_NAME and CONFIG_PATH are used directly to build the output filename, so avoid untrusted values (e.g., no '../', absolute paths, or shell metacharacters).
- Run in a safe environment first (staging) to confirm behavior and container identity; ensure the provided Docker container actually runs Nginx/OpenResty and that you have appropriate permissions.
- Because the script writes and may delete files, back up existing configs and ensure CONFIG_PATH points to the intended conf.d directory (avoid symlink surprises).
- Note the small metadata mismatch: the registry lists no required env vars but the README/SKILL.md recommend NGINX_CONFIG_PATH and NGINX_CONTAINER_NAME. If you plan to use environment variables, set them deliberately.
- Consider hardening the script (input validation, safer tempfile handling, limiting allowed paths) before using it in production.
If you need help auditing or patching the script to reject path traversal and validate inputs, I can suggest concrete modifications.
功能分析
Type: OpenClaw Skill
Name: nginx-config-creator
Version: 0.1.1
The `scripts/create-and-reload.sh` script is classified as suspicious due to risky capabilities without clear malicious intent. It allows writing to an arbitrary file path (`$CONF_FILE_PATH`) and executing commands (`nginx -t`, `nginx -s reload`) within a user-specified Docker container (`$CONTAINER_NAME`). While these actions are necessary for the skill's stated purpose of managing Nginx configurations, the script lacks robust input validation for `--config-path` and `--container-name`, potentially allowing a malicious actor to write to sensitive host paths or execute commands in unintended containers if they control the inputs. There is no evidence of data exfiltration, persistence, or direct prompt injection attempts.
能力评估
Purpose & Capability
Name/description align with the code and runtime requirements. The script actually writes an Nginx conf file and runs 'docker exec' to test and reload Nginx, so requiring 'bash' and 'docker' is appropriate.
Instruction Scope
The SKILL.md and script stay within the claimed purpose (writing a conf and reloading Nginx), but the runtime instructions permit dangerous inputs: SERVICE_NAME, DOMAIN, PORT and CONFIG_PATH are written into the filesystem without sanitization. In particular, SERVICE_NAME or CONFIG_PATH could be crafted to write outside the intended conf.d (e.g., '../' sequences or absolute paths), enabling overwrite of arbitrary files. The script also writes test output to /tmp/nginx_test_output.log. There is no validation of the container's identity beyond the provided name.
Install Mechanism
Instruction-only skill with an included shell script and no install spec — low install risk. There are no downloads or extract operations; nothing will be written to disk except when the script is explicitly run by the user/agent.
Credentials
The skill does not require credentials and only optionally reads NGINX_CONFIG_PATH and NGINX_CONTAINER_NAME from the environment (which matches its purpose). Registry metadata lists no required env vars although the README/SKILL.md recommend those two environment variables — this is a small metadata mismatch but not a high-risk issue.
Persistence & Privilege
The skill is not forced-always and does not request system-wide persistence. It does perform privileged actions when executed (writing files and running 'docker exec'), which is expected for its purpose but means it must be invoked with care. It does not modify other skill/system configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nginx-config-creator - 安装完成后,直接呼叫该 Skill 的名称或使用
/nginx-config-creator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Security fix: Anonymized all examples in SKILL.md to remove private information.
v0.1.0
Initial release.
- Automates creation of Nginx/OpenResty reverse proxy config files for services.
- Performs environment-aware configuration using variables or command-line arguments.
- Includes a safety check: tests the new config in the container and rolls back on failure.
- Reloads Nginx automatically if the configuration is valid.
- Provides verbose logs and clear error handling throughout the process.
元数据
常见问题
Nginx Config Creator 是什么?
Creates a standard Nginx/OpenResty reverse proxy config file for a service and reloads the web server. Features safety checks and environment awareness. Takes service name, domain, and port as main arguments. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1920 次。
如何安装 Nginx Config Creator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nginx-config-creator」即可一键安装,无需额外配置。
Nginx Config Creator 是免费的吗?
是的,Nginx Config Creator 完全免费(开源免费),可自由下载、安装和使用。
Nginx Config Creator 支持哪些平台?
Nginx Config Creator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Nginx Config Creator?
由 xieyuanqing(@xieyuanqing)开发并维护,当前版本 v0.1.1。
推荐 Skills