lazydocker

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate lazydocker helper, but it gives under-scoped guidance for powerful Docker administration actions that can expose hosts or delete data.

Review before installing. Use this only if you want AI-assisted Docker administration. Prefer package-manager or pinned verified installs, avoid curl-to-bash, do not expose Docker on port 2375, use SSH or TLS-protected Docker contexts for remote hosts, and require explicit confirmation before deleting containers, images, volumes, pruning resources, changing daemon settings, mounting the Docker socket, or sharing diagnostic output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly promotes destructive Docker actions such as deleting containers, images, and volumes, but it does not warn that these operations can cause irreversible data loss or service disruption. In this context, an AI-guided workflow may make users more likely to perform high-impact actions without understanding consequences, especially for volumes and compose-managed services.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example shows connecting lazydocker to a remote Docker host over an unauthenticated TCP endpoint, which can expose full administrative control over remote containers and host resources. Without warnings about authentication, encryption, and environment targeting, users may unknowingly operate on production infrastructure or transmit sensitive management traffic insecurely.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The uninstall section includes `sudo rm /usr/local/bin/lazydocker` and `rm -rf ~/.config/jesseduffield/lazydocker` but does not clearly warn that binaries and user configuration will be permanently deleted. In an agent-executed context, omission of a deletion warning increases the chance of unintended data loss or surprise removal of local settings.

Missing User Warnings

High
Confidence
99% confidence
Finding
The guide instructs users or an AI agent to execute a remote script directly with `curl ... | bash`, which runs downloaded code without prior inspection, pinning, or integrity verification. If the source is compromised, intercepted, or unexpectedly changed, this becomes arbitrary code execution on the host.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This section documents destructive cleanup commands such as `docker system prune` and `docker system prune --volumes` without an explicit warning that they permanently delete stopped containers, unused images, networks, build cache, and potentially volumes holding data. In an AI-assisted or copy-paste workflow, users may run these commands without understanding the scope, causing irreversible data loss or service disruption.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The guide describes deleting service containers and images via shortcut keys and menu actions but does not warn about operational impact, including stopping services, removing containers, or disrupting environments that rely on those artifacts. In a terminal UI meant for rapid actions, omission of impact warnings increases the chance of accidental destructive operations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The diagnostic collection section instructs users/AI to print Docker info, OS details, terminal variables, and the full lazydocker config file. While intended for troubleshooting, this can expose hostnames, usernames, runtime configuration, registry endpoints, environment details, and other sensitive metadata if pasted into chats, tickets, or logs without redaction.

Ssd 3

Medium
Confidence
92% confidence
Finding
The document explicitly says AI can collect and analyze diagnostic information, then provides commands that reveal local configuration and environment data. In an agent/AI context this is more dangerous, because users may hand over command output directly to third parties or automated systems without realizing it contains sensitive host and Docker configuration details.

VirusTotal

65/65 vendors flagged this skill as clean.
