← 返回 Skills 市场
leventsoft

Portainer

作者 Leventsoft · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
1350
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install portainer-skill-openclaw
功能描述
Comprehensive management for Portainer CE environments and stacks. Supports listing environments, managing Docker Compose/Swarm stacks, and executing raw Docker commands via proxy. Use when the user needs to deploy apps, check container status, or manage networks within Portainer. Requires a Portainer API Key configured in OpenClaw.
安全使用建议
Key things to check before installing: - Do not install on production until you verify the credential handling. The Python script expects PORTAINER_API_TOKEN and PORTAINER_API_URL environment variables, but the registry metadata lists none and SKILL.md tells you to set OpenClaw config keys—confirm how your OpenClaw instance maps config keys to environment variables. - Treat the Portainer API token as highly sensitive. Create a token with the minimum privileges required (prefer read-only where possible) and avoid using a full admin token unless absolutely necessary. - Review and test the included scripts in an isolated environment first. The skill proxies arbitrary Docker API calls (can start/stop containers, read files, etc.) and also disables TLS verification (verify=False), which weakens transport security. - Ask the publisher or maintainer to fix packaging inconsistencies: package.json lists Python libraries as Node deps (likely incorrect) and metadata should declare the required credential(s) explicitly (primaryEnv or requires.env). Also request that TLS verification be optional (not disabled by default) and that the code documents where OpenClaw will source the token. - If you can’t verify these issues, avoid granting a real Portainer token. Instead, test using a throwaway Portainer instance with no access to critical hosts/data. Confidence: high that these inconsistencies are real and should be resolved before trusting the skill.
功能分析
Type: OpenClaw Skill Name: portainer-skill-openclaw Version: 0.1.1 The skill is classified as suspicious due to two main reasons found in `scripts/portainer_manager.py`. First, all HTTP requests to the Portainer API disable SSL certificate verification (`verify=False`), making the communication vulnerable to Man-in-the-Middle attacks and potentially exposing the Portainer API key and sensitive commands. Second, the `execute_docker_command` function allows the OpenClaw agent to proxy arbitrary Docker API requests through Portainer, granting extremely broad control over the underlying Docker environment, which is a high-risk capability that could lead to system compromise if exploited.
能力评估
Purpose & Capability
The code and SKILL.md implement Portainer management and raw Docker proxying (consistent with the name/description). However the registry metadata lists no required credentials whereas the runtime code requires PORTAINER_API_TOKEN (and optionally PORTAINER_API_URL). The SKILL.md instructs users to set OpenClaw config keys (portainer.apiKey / portainer.url) but the Python script reads environment variables named PORTAINER_API_TOKEN and PORTAINER_API_URL, creating a mismatch that could lead to silent failures or accidental exposure of secrets.
Instruction Scope
The SKILL.md and README limit operations to Portainer API calls (listing environments, stacks, executing proxied Docker API calls). That scope matches the code. However execute_docker_command proxies arbitrary Docker API paths and inspect_stack pulls stack file contents—both operations can expose secrets or perform powerful changes to hosts/containers. The skill also disables TLS verification (verify=False) and suppresses cert warnings, increasing risk when connecting to remote Portainer instances.
Install Mechanism
There is no formal install spec (instruction-only), but a Python script is included and README instructs installing Python and pip packages. The package.json incorrectly lists Python libraries ('requests', 'urllib3') as Node dependencies, suggesting sloppy packaging and raising doubt about how the skill will be installed/executed in OpenClaw. No downloads from unknown URLs were found, but the mismatch indicates the packaging/installation story is inconsistent and should be clarified.
Credentials
The skill requires a Portainer API token at runtime (PORTAINER_API_TOKEN) and can optionally use a custom PORTAINER_API_URL. The registry metadata lists no required env vars or primary credential, and SKILL.md instructs setting OpenClaw config keys instead of environment variables—this is an incoherence. The token grants high privileges over Docker via Portainer; requesting that secret is proportionate to the feature set but should be explicitly declared in metadata and the README, and the user should be warned to use a minimally-privileged token.
Persistence & Privilege
The skill does not request always:true and doesn't claim to modify other skills or system-wide configuration. It runs as an invoked script (entrypoint) and does not attempt to persist or escalate privileges beyond using the provided Portainer token and URL.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install portainer-skill-openclaw
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /portainer-skill-openclaw 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Initial release of portainer-skill-openclaw. - Added core functionality to manage Portainer CE environments and stacks. - Introduced scripts/portainer_manager.py for API interactions. - Provided setup instructions and API key configuration in README.md. - Published package metadata with package.json.
v0.1.0
Portainer Manager initial release — manage your Docker infrastructure via Portainer CE API. - List and inspect Portainer environments (endpoints) and stacks. - Deploy, remove, and inspect Docker Compose/Swarm stacks. - Execute raw Docker API commands through the Portainer proxy. - Requires a Portainer API Key set in OpenClaw configuration.
元数据
Slug portainer-skill-openclaw
版本 0.1.1
许可证
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Portainer 是什么?

Comprehensive management for Portainer CE environments and stacks. Supports listing environments, managing Docker Compose/Swarm stacks, and executing raw Docker commands via proxy. Use when the user needs to deploy apps, check container status, or manage networks within Portainer. Requires a Portainer API Key configured in OpenClaw. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1350 次。

如何安装 Portainer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install portainer-skill-openclaw」即可一键安装,无需额外配置。

Portainer 是免费的吗?

是的,Portainer 完全免费(开源免费),可自由下载、安装和使用。

Portainer 支持哪些平台?

Portainer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Portainer?

由 Leventsoft(@leventsoft)开发并维护,当前版本 v0.1.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论