Dockerlabs

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local Docker activity logger, not malware, but users should not mistake it for a real Docker tutorial or validator.

Install only if you want a local Docker activity log. Do not rely on it to actually lint, validate, fix, or teach Docker unless you independently verify those capabilities. Avoid entering registry tokens, passwords, internal hostnames, proprietary configs, or other sensitive details because entries are stored in plain text under ~/.local/share/dockerlabs and can be exported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding:
The manifest frames the skill as a Docker learning/tutorial aid, while the content describes a local activity logger with history, export, and search capabilities. This deceptive framing can cause users to share sensitive operational data without informed consent, increasing the risk of unintended retention and later disclosure.

Intent-Code Divergence

Medium
Confidence: 89%
Finding:
Commands such as check, validate, generate, lint, and fix imply real Docker analysis or transformation, but the documentation says they may only record an entry. This can mislead users into trusting that security or correctness checks were performed when no actual validation occurred, potentially leading to unsafe deployment decisions.

Description-Behavior Mismatch

High
Confidence: 93%
Finding:
The script does not implement Docker tutorials, orchestration practice, or container-learning functions described by the skill metadata; instead it provides a generic persistent logging utility. This mismatch is dangerous because users may trust and invoke the skill in a Docker-learning context while unknowingly storing arbitrary inputs to disk, increasing the chance of unintended data capture and misuse.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding:
The code exposes broad capabilities such as export, search, report-style aggregation, and persistent activity tracking that are not necessary for a Docker education skill. In this context, these features expand the data-collection surface and make previously entered content easy to retrieve or repackage, which can expose sensitive user input.

Intent-Code Divergence

Medium
Confidence: 81%
Finding:
Labeling the script as a generic 'devtools toolkit' directly conflicts with the stated Dockerlabs learning purpose. While not harmful by itself, this discrepancy is a trust and transparency issue that increases suspicion that the shipped behavior is broader than users expect.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill explicitly stores, searches, and exports user-provided Docker-related entries but provides no warning about privacy, secret handling, or sensitivity of the logged content. In Docker workflows, users commonly handle image registry tokens, environment variables, internal service names, and infrastructure details, so silent persistence materially increases exposure risk.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The command handlers append raw user-provided input to log files under the user's home directory without prominent notice or consent. This is dangerous because users may enter credentials, internal hostnames, tokens, or proprietary text during normal use, and that data will persist in plain text for later disclosure.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The export function aggregates all historical logs into json/csv/txt files, duplicating previously captured user inputs into additional plain-text artifacts. This raises the exposure risk because sensitive content becomes easier to copy, share, or exfiltrate, often without the user realizing the export includes prior entries.

Ssd 3

Medium
Confidence: 96%
Finding:
The tool persistently records user inputs and provides status, recent, search, and export views that surface those inputs in plain language. In a skill advertised as Docker learning, this behavior is more dangerous because users are less likely to expect surveillance-like logging and may supply operational or secret material during experimentation.

VirusTotal

66/66 vendors flagged this skill as clean.
