coolify
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM COMMAND_EXECUTION CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly documents and encourages patterns for achieving full host access from within managed containers. The documentation in `SKILL.md` provides a 'Full host access pattern' using `--privileged`, `--pid=host`, and volume mounts of the host root filesystem and Docker socket. It further provides the `nsenter` command string needed to execute commands as root on the host system from within the container context.
- [CREDENTIALS_UNSAFE]: The skill's configuration logic in `SKILL.md`, `scripts/deploy.sh`, and `scripts/status.sh` includes fallback mechanisms to read sensitive API tokens from local files: `~/.config/coolify/token` and `/etc/coolify/token`. While intended for convenience, this pattern encourages the storage of long-lived, high-privilege credentials in plaintext on the filesystem.
- [COMMAND_EXECUTION]: The `scripts/deploy.sh` and `scripts/status.sh` scripts use `python3 -c` to parse JSON API responses. While functional, passing API data directly into Python one-liners via shell redirection can be a surface for injection if the API response contains maliciously crafted content.
Audit Metadata