Dockerps

Security checks across malware telemetry and agentic risk

Overview

This Docker skill is mostly a container monitoring helper, but its cleanup command can delete local Docker resources without clear warning or confirmation.

Install only if you are comfortable giving the agent Docker inspection access and will avoid or tightly control the cleanup command. Treat cleanup as destructive: it can remove stopped containers and prune images from the local Docker environment immediately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill is described as a monitoring tool for container processes and stats, but it also exposes a cleanup command that prunes containers and images. That destructive capability is unrelated to the stated purpose and can cause unexpected data loss or service disruption if invoked by a user or agent expecting read-only observability behavior.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
`docker container prune -f` and `docker image prune -f` delete Docker resources without being justified by the skill's stated monitoring purpose. In an agent setting, mismatched capability increases the chance of unsafe invocation because operators may trust the tool as observational while it can actually mutate and remove resources.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documents a `cleanup` command without any warning that it may delete stopped containers and unused images, which can cause unintended data loss or disrupt operator workflows. In an agent-driven context, a terse command name with no caution increases the chance of accidental execution by users or automation that interpret it as harmless housekeeping.

Missing User Warnings

Medium
Confidence: 95%
Finding
The cleanup command performs irreversible pruning with `-f`, bypassing Docker's own confirmation flow and giving the user no warning inside the script. This makes accidental destructive execution much more likely, especially when used through automation or by an agent interpreting natural-language requests.

VirusTotal

65/65 vendors flagged this skill as clean.
