Back to skill
Skillv1.0.0
ClawScan security
Dockerfile Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMay 1, 2026, 3:55 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5.5
- Summary
- This is an instruction-only Dockerfile review skill with coherent, purpose-aligned guidance and no evidence of hidden code, credentials, persistence, or unsafe behavior.
- Guidance
- This skill appears safe to use for reviewing Dockerfiles. As with any generated DevOps recommendation, review suggested Dockerfile changes before applying them to production builds, especially changes to base images, users, health checks, and dependency installation steps.
Review Dimensions
- Purpose & Capability
- okThe stated purpose is to optimize and harden Dockerfiles, and the SKILL.md content is aligned with Dockerfile analysis, image size reduction, build caching, and production security recommendations.
- Instruction Scope
- okThe instructions focus on reviewing Dockerfiles and providing optimization recommendations; command examples are read-oriented and directly related to container analysis.
- Install Mechanism
- okThere is no install spec and no code files, so there is no artifact evidence of package installation, remote script execution, or hidden helper code.
- Credentials
- okThe referenced local commands, such as finding Dockerfiles and inspecting Docker images, are proportionate to the skill's purpose and do not show credential access or unrelated system inspection.
- Persistence & Privilege
- okThe artifacts do not request credentials, elevated privileges, background execution, persistent memory, or account-level authority.