← 返回 Skills 市场
OpenClaw Docker Setup
作者
Chunhua Liao
· GitHub ↗
· v1.0.2
434
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-docker-setup
功能描述
Install and configure a fully operational Dockerized OpenClaw instance on macOS from scratch. Includes browser pairing, Discord channel setup, and optional G...
安全使用建议
This guide appears coherent and matches its stated goal, but it handles sensitive credentials — Gmail App Passwords, Google OAuth client JSON, exported gog tokens, and optionally an Anthropic setup token/API key — and instructs you to place them inside persistent Docker volumes. Before proceeding: (1) ensure you trust the GHCR image source (verify upstream project and checksums if available); (2) prefer a dedicated bot account (as the guide recommends) and limit scopes/permissions when creating OAuth credentials; (3) avoid leaving temporary token export files on disk (remove /tmp exports after import); (4) understand that secrets stored in the named Docker volumes will persist until you remove them — rotate or revoke tokens if the instance is decommissioned; (5) follow the guide’s safer file-copy patterns (pipe via docker exec rather than docker cp) to avoid ownership issues; and (6) if you need higher assurance, inspect the actual OpenClaw GHCR image contents (or run it in an isolated VM) before giving it production credentials. If you want, I can point out every command that writes credentials to disk so you can audit or modify them before running.
功能分析
Type: OpenClaw Skill
Name: openclaw-docker-setup
Version: 1.0.2
The skill is classified as suspicious due to inherent supply chain risks and the handling of sensitive credentials, despite demonstrating strong security awareness. It instructs the AI agent to install binaries (`himalaya`, `gogcli`) via `curl -L ... | tar -xz ...` from external GitHub repositories (`github.com/pimalaya/himalaya`, `github.com/steipete/gogcli`) within the Docker container (in `references/gmail-setup.md` and `references/google-drive-setup.md`), which introduces a supply chain vulnerability. Additionally, the agent is instructed to handle and configure sensitive credentials (Gmail App Password, Google OAuth tokens) by reading them from the host and piping them into the container's configuration, a necessary but risky capability. However, the skill explicitly uses Docker security hardening (`--cap-drop=ALL`), warns against insecure practices, and provides detailed instructions for secure credential transfer, indicating no clear malicious intent within the skill itself.
能力评估
Purpose & Capability
The name/description (Dockerized OpenClaw with Discord/Gmail/Drive integration) matches the actions in SKILL.md: pulling GHCR image, running docker run, installing gog/himalaya inside the container, and moving host OAuth/credentials into the container. Nothing requested appears unrelated to installing or configuring a containerized OpenClaw instance.
Instruction Scope
The SKILL.md is prescriptive and stays on-task (docker commands, installing binaries inside the container, copying tokens). It does instruct the user to read host files, export tokens from the host Keychain/credentials, and pipe those credentials into the container — these are necessary for OAuth/App-Password flows but are sensitive operations. The guide also includes steps to view container files (which may reveal stored secrets).
Install Mechanism
No install spec (instruction-only) in the registry. Runtime installs use well-known hosts: ghcr.io for the container image and GitHub release tarballs for Himalaya/gog. Commands use curl | tar inside the container or brew on host; these are expected for installing CLI helpers. No obscure or shortener URLs detected.
Credentials
The skill does not declare required env vars in metadata, but the instructions legitimately use several environment values and secrets at runtime (INSTANCE/HOST_PORT, optional ANTHROPIC_API_KEY or Claude setup token, GOG_KEYRING_PASSWORD, Gmail App Password, OAuth client JSON). These are proportionate to the described integrations but are sensitive — the instructions persist them into named Docker volumes, which means secrets will reside on disk inside the container's volumes unless the user takes extra precautions.
Persistence & Privilege
always:false and no modification of other skills or system-wide agent config is requested. The skill's persistence model is standard: it creates/uses named Docker volumes and restarts the container; no elevated host privileges are requested beyond normal Docker usage.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-docker-setup - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-docker-setup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Add all reference files: pitfalls, Gmail/Himalaya setup, Google Drive/gog setup, trigger tests, license.
v1.0.1
Add reference files.
v1.0.0
Initial release.
元数据
常见问题
OpenClaw Docker Setup 是什么?
Install and configure a fully operational Dockerized OpenClaw instance on macOS from scratch. Includes browser pairing, Discord channel setup, and optional G... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 434 次。
如何安装 OpenClaw Docker Setup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-docker-setup」即可一键安装,无需额外配置。
OpenClaw Docker Setup 是免费的吗?
是的,OpenClaw Docker Setup 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Docker Setup 支持哪些平台?
OpenClaw Docker Setup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin)。
谁开发了 OpenClaw Docker Setup?
由 Chunhua Liao(@chunhualiao)开发并维护,当前版本 v1.0.2。
推荐 Skills