Docker Plus

Security checks across malware telemetry and agentic risk

Overview

This Docker guidance skill is not malicious, but it includes unsafe copy-paste production examples for secrets and destructive cleanup without adequate warnings.

Review this skill carefully before installing. It is a Docker reference, not malware, but do not copy its credential examples into real projects and do not run the prune command unless you understand it may delete unused Docker images, stopped containers, networks, and build cache.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium (98% confidence)
Finding
The skill explicitly says not to store secrets in the image, then immediately demonstrates passing a database password via ARG and promoting it to ENV, which bakes sensitive data into image metadata and potentially into build history. In a Docker guidance skill, this is especially dangerous because readers are likely to copy the pattern into production builds, causing credential leakage through registries, image inspection, and CI logs.

Missing User Warnings

Medium (89% confidence)
Finding
Documenting `docker system prune -af` without any warning encourages irreversible deletion of stopped containers, unused images, networks, and build cache. In an agent skill meant for quick reference, users may execute it blindly, causing destructive loss of local development or operational state.

Missing User Warnings

Medium (97% confidence)
Finding
The compose example embeds plaintext database credentials directly in configuration, normalizing insecure secret handling. Because this skill presents production patterns, readers may reuse the sample as-is, exposing credentials in source control, shell history, logs, and deployment metadata.

VirusTotal

VirusTotal findings are pending for this skill version.