Docker Helper

Security checks across malware telemetry and agentic risk

Overview

This is mostly a Docker template and command-reference skill, with one under-described local helper script that only prints status messages and writes a local history log.

Install only if you want a Docker reference and template helper. Treat generated Dockerfiles and compose files as development starting points: replace default passwords, turn on each service's security settings (authentication, TLS) rather than shipping the defaults, restrict exposed ports, and review cleanup commands before running them. Avoid passing secrets as arguments to the generic helper script, because it records its invocations in a local history log and anything on the command line lands there in plaintext.
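The history-logging risk described above, as an added example that is not the skill's own script: a POSIX shell wrapper that records each invocation to a local history file, first the naive way (the raw argument vector, so a --password=... value lands on disk), then with a redaction pass, plus a grep-based check for secret-looking values already present in an existing log. HIST_FILE, the function names and the option names treated as sensitive (--password, --token, --secret, --api-key, -p) are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not the Docker Helper skill's own script.
# HIST_FILE and the option names below are assumptions for the illustration.
HIST_FILE="${HIST_FILE:-/tmp/helper_history.log}"

# Naive pattern: append the raw argument vector to the history file.
# Anything the caller passed, including --password=hunter2, is now on disk.
log_invocation_naive() {
    printf '%s %s\n' "$(date -u +%FT%TZ)" "$*" >> "$HIST_FILE"
}

# Redact the values of options that commonly carry secrets, handling both
# the --opt=value and the --opt value spellings. Secrets should really be
# read from the environment or stdin; redaction limits the damage when a
# caller passes them on the command line anyway.
redact_args() {
    out=""
    expect_value=0
    for a in "$@"; do
        if [ "$expect_value" = 1 ]; then
            a="<redacted>"        # previous argument was a secret-bearing option
            expect_value=0
        else
            case "$a" in
                --password=*|--token=*|--secret=*|--api-key=*)
                    a="${a%%=*}=<redacted>" ;;   # keep the option name only
                --password|--token|--secret|--api-key|-p)
                    expect_value=1 ;;            # value arrives as the next argument
            esac
        fi
        out="${out:+$out }$a"
    done
    printf '%s\n' "$out"
}

# Hardened pattern: same log line, but through the redactor first.
log_invocation_redacted() {
    printf '%s %s\n' "$(date -u +%FT%TZ)" "$(redact_args "$@")" >> "$HIST_FILE"
}

# Audit an existing history file: exit 0 if any line still carries a
# non-redacted value after one of the sensitive options, 1 otherwise.
history_has_secrets() {
    grep -Eq -- '(--password|--token|--secret|--api-key|-p)(=| )[^ <]' "$HIST_FILE" 2>/dev/null
}
```

Run `history_has_secrets && echo "secrets in $HIST_FILE"` against the log the helper already produced before deciding whether to keep or shred it; the redactor is a stop-gap for logs you control, not a substitute for keeping secrets out of argv, which other users on the host can also read via the process list while the command runs.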

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 81%
Finding
The skill advertises operational capabilities that imply shell and network access, but it does not declare corresponding permissions or clearly scope those actions. This creates a transparency and consent problem: users or hosting frameworks may invoke a skill with capabilities broader than expected, increasing the chance of unintended command execution or outbound access.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
There is a significant mismatch between the stated Docker-helper purpose and the broader behaviors detected, including workflow automation, build/test/deploy actions, and persistent local logging. This kind of scope expansion is dangerous because users may trust the skill for narrow advisory use while it performs broader project-affecting operations or stores usage history without clear disclosure.

Description-Behavior Mismatch

Severity: High
Confidence: 93%
Finding
The script materially contradicts the declared skill purpose: it presents itself as a Docker helper but implements a generic developer workflow wrapper with commands like init, check, build, test, and deploy. This mismatch is dangerous because users or higher-level agents may invoke it expecting Docker-scoped behavior, creating a trust-boundary violation that can misroute workflows, mask capabilities, and enable deceptive packaging of unrelated automation under a benign Docker-themed label.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The inline help and header explicitly describe a 'Developer workflow automation tool,' reinforcing that the artifact is not actually a Docker-focused helper as advertised. While not directly enabling code execution, misleading documentation increases the risk of operator or agent misuse and is a common indicator of repackaged or deceptively labeled skills.

VirusTotal

66/66 vendors flagged this skill as clean.