caddy

Manages Caddy web server operations with zero-downtime deployments, secret management, and custom builds across multiple environments.

Install this skill

or

25/100

Security score

The caddy skill was audited on Feb 9, 2026 and we found 27 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 662

Curl to non-GitHub URL

SourceSKILL.md

662	curl -X POST http://localhost:2019/load \

medium line 697

Curl to non-GitHub URL

SourceSKILL.md

697	curl -f https://alpha.truthforge.terraphim.cloud/health

medium line 698

Curl to non-GitHub URL

SourceSKILL.md

698	curl -f https://ci.terraphim.cloud/health

medium line 723

Curl to non-GitHub URL

SourceSKILL.md

723	curl -f https://domain.com/health

medium line 804

Curl to non-GitHub URL

SourceSKILL.md

804	curl -sf https://domain.com/health

low line 54

Access to hidden dotfiles in home directory

SourceSKILL.md

54	# See: ~/.claude/skills/1password-secrets.md

medium line 97

Access to hidden dotfiles in home directory

SourceSKILL.md

97	Server configuration details: `~/.docs/caddy-skill/servers.json`

low line 204

Access to hidden dotfiles in home directory

SourceSKILL.md

204	cat ~/.docs/caddy-skill/servers.json \| jq -r '.servers.bigbox'

low line 413

Access to hidden dotfiles in home directory

SourceSKILL.md

413	# See: ~/.claude/skills/1password-secrets.md Workflow 1

medium line 835

Access to hidden dotfiles in home directory

SourceSKILL.md

835	See: `~/.claude/skills/1password-secrets.md` for detailed secret management workflows.

medium line 879

Access to hidden dotfiles in home directory

SourceSKILL.md

879	- 1Password Secret Management: `~/.claude/skills/1password-secrets.md`

medium line 891

Access to hidden dotfiles in home directory

SourceSKILL.md

891	Server Configuration: `~/.docs/caddy-skill/servers.json`

medium line 892

Access to hidden dotfiles in home directory

SourceSKILL.md

892	Pattern Library: `~/.docs/caddy-skill/patterns/` (coming soon)

low line 318

Access to .env file

SourceSKILL.md

318	⚠️ GITHUB_CLIENT_ID (defined in caddy_complete.env)

low line 319

Access to .env file

SourceSKILL.md

319	⚠️ GITHUB_CLIENT_SECRET (plaintext in caddy_complete.env)

low line 320

Access to .env file

SourceSKILL.md

320	⚠️ JWT_SHARED_KEY (plaintext in caddy_complete.env)

low line 407

Access to .env file

SourceSKILL.md

407	cat caddy_complete.env \| grep "VAR_NAME="

low line 467

Access to .env file

SourceSKILL.md

467	Solution 1: Define in caddy_complete.env

medium line 829

Access to .env file

SourceSKILL.md

829	1. Detect plaintext secrets in `caddy_complete.env`

medium line 830

Access to .env file

SourceSKILL.md

830	2. Use 1Password skill (Workflow 2: Generate Template) to create `.env.template`

low line 460

External URL reference

SourceSKILL.md

460	Documentation: https://caddyserver.com/docs/...

low line 603

External URL reference

SourceSKILL.md

603	✓ Test endpoint: https://alpha.truthforge.terraphim.cloud/health → 200 OK

low line 662

External URL reference

SourceSKILL.md

662	curl -X POST http://localhost:2019/load \

low line 697

External URL reference

SourceSKILL.md

697	curl -f https://alpha.truthforge.terraphim.cloud/health

low line 698

External URL reference

SourceSKILL.md

698	curl -f https://ci.terraphim.cloud/health

low line 723

External URL reference

SourceSKILL.md

723	curl -f https://domain.com/health

low line 804

External URL reference

SourceSKILL.md

804	curl -sf https://domain.com/health

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw devops backend devops-sre backend-developer technical-pm development product

majiayu000/claude-skill-registry