dokploy-deploy
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): In scripts/setup.py, the validate_connection and list_projects functions explicitly disable SSL certificate verification (ssl.CERT_NONE). If a user runs this setup on an untrusted network, an attacker could intercept the x-api-key header through a Man-in-the-Middle (MitM) attack, gaining full control over the user's Dokploy instance.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill configures Claude to run @ahdev/dokploy-mcp using npx -y. This downloads and executes code from an external, untrusted npm scope at runtime. While this is the primary purpose of the skill, the lack of a pinned version or a trusted author increases the risk of a supply chain attack.
- [CREDENTIALS_UNSAFE] (LOW): The setup script saves the Dokploy API key in plain text within ~/.claude/mcp.json. Although this is standard for MCP configurations, it results in sensitive credentials being stored unencrypted on the local filesystem.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides 67 tools that interact with a Dokploy instance. An attacker who can influence the metadata of a Dokploy project (e.g., project names or app descriptions) could potentially attempt to influence the agent's behavior when it lists or reads these resources.
  - Ingestion points: scripts/setup.py (via list_projects), and the @ahdev/dokploy-mcp tool outputs.
  - Boundary markers: None explicitly implemented in the setup script.
  - Capability inventory: Full control over Docker deployments, databases, and environment variables on the target server.
  - Sanitization: None detected in the provided Python script.
Audit Metadata