Back to skill

Security audit

dokku

Security checks across malware telemetry and agentic risk

Overview

This Dokku skill is mostly coherent for server administration, but it asks for powerful root-level infrastructure actions without enough scoping or safety guidance.

Install only if you intend to let an agent help administer a Dokku host. Review every sudo command, plugin URL, network binding, Docker prune, and background command before running it; prefer pinned official sources and verified scripts, and avoid using generic deployment prompts unless you explicitly want Dokku changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger terms include broad words such as "deploy," "cleanup," and "containers," which are generic operational terms that can appear in many unrelated requests. This can cause the Dokku skill to activate outside its intended scope and perform infrastructure-affecting actions on a Dokku host, increasing the chance of accidental command execution in the wrong context.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions tell users to download and execute a remotely hosted bootstrap script with sudo privileges, but provide no warning about the risks or any integrity verification step. If the remote script, hosting path, DNS, or TLS trust chain is compromised, the user would execute attacker-controlled code as root during installation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation describes changing network exposure settings, including binding an app to all interfaces (0.0.0.0), but does not warn that this can expose services beyond localhost or intended internal networks. In an operational CLI skill, omission of exposure-risk guidance can lead users to unintentionally publish services and increase attack surface.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs agents to background long-running shell commands and then monitor them later, but it provides no warning about the risks of launching destructive, persistent, or resource-intensive operations asynchronously. In an agent setting, this is dangerous because background execution reduces immediate visibility and can allow accidental or unsafe commands (such as migrations, installs, or other state-changing operations) to continue outside the normal interactive control flow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.