Security Audit

dokploy

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

dokploy received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 6 findings: 2 critical, 0 high, 3 medium, and 1 low severity. Key findings include Sensitive environment variable access: $HOME, Node lockfile missing, Unsafe writing of API key/URL to config file allows command injection.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

98%

LLM Behavioral Safety

26%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

3 findings

Shell Execution

5 findings

Dynamic Code

2 findings

Excessive Permissions

4 findings

Security Findings6

Severity	Finding	Layer	Location
CRITICAL	Unsafe writing of API key/URL to config file allows command injection The `dokploy-config.sh` script writes user-provided `DOKPLOY_API_URL` and `DOKPLOY_API_KEY` directly into `~/.dokployrc` without sanitization or shell escaping. If an attacker can control these values (e.g., through a malicious prompt or environment variable), they can inject shell metacharacters (like `$(command)`) into the config file. When a user later `source`s this `~/.dokployrc` file, the injected commands will be executed with the user's privileges, leading to arbitrary command execution. Sanitize or shell-escape user-provided values before writing them to the config file. For example, use `printf %q` for shell-safe quoting. Alternatively, use a configuration format that is not directly sourced as a shell script, or ensure that the values are properly quoted and escaped for shell interpretation.	LLM	scripts/dokploy-config.sh:30
CRITICAL	Unsanitized user input in URL parameters leads to command injection The `api_request` function in `dokploy.sh` constructs `curl` commands by directly interpolating user-controlled variables (e.g., `applicationId`, `projectId`, `domainId`) into the URL query string. For example, in `dokploy-app.sh`, the `applicationId` (`$2`) is directly appended to the URL. If these user-provided IDs contain shell metacharacters (e.g., `$(command)`, `;`, `\|`), they can escape the `curl` command and execute arbitrary shell commands with the privileges of the script. This affects all commands that pass user-controlled IDs directly into the `endpoint` argument of `api_request`. All user-controlled values used in URL paths or query parameters must be properly URL-encoded and shell-escaped before being passed to `curl`. For shell escaping, `printf %q` can be used. For URL encoding, a dedicated function or tool should be employed.	LLM	scripts/dokploy-app.sh:60
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/joshuarileydev/dokploy/scripts/dokploy-config.sh:4
MEDIUM	API Key stored in plain text in user's home directory The `dokploy-config.sh` script stores the `DOKPLOY_API_KEY` in plain text within `~/.dokployrc`. While this is a common practice for CLI tools, it exposes the API key to any process or user with read access to the file. The script does not explicitly set restrictive file permissions (e.g., `chmod 600`) on the created config file, increasing the risk of unauthorized access to the sensitive API key. Implement strict file permissions (e.g., `chmod 600 "$CONFIG_FILE"`) immediately after creating or updating `~/.dokployrc`. Consider using a more secure credential storage mechanism, such as a system keyring or environment variables that are not persisted to disk, for sensitive API keys.	LLM	scripts/dokploy-config.sh:32
MEDIUM	Unsanitized user input interpolated into `jq` filter In `dokploy-app.sh` and `dokploy-domain.sh`, user-provided IDs (e.g., `projectId`, `appId`) are directly interpolated into `jq` filters using string concatenation. For example, `jq -r ".[] \| select(.projectId == \"$projectId\") \| ..."`. If these IDs contain `jq` metacharacters (like `"` or `\|`), an attacker could manipulate the `jq` filter to extract arbitrary data from the API response, bypass filtering logic, or cause unexpected processing. This could lead to data exfiltration or denial of service. Use `jq`'s `--arg` or `--argjson` options to pass user-controlled values into the filter. This ensures that the values are properly escaped by `jq` and treated as literal strings within the filter, preventing injection.	LLM	scripts/dokploy-app.sh:37
LOW	Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution.	Dependencies	skills/joshuarileydev/dokploy/.clawdhub/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/2bbcefa2f0e24fec.svg)](https://skillshield.io/report/2bbcefa2f0e24fec)