Personal Docker Manager

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Docker management skill with powerful but disclosed capabilities that fit its stated purpose.

Install only if you want an agent to help administer your Arcane/Docker environment. Use least-privilege API credentials, keep tokens out of shared chats, prefer HTTPS, and require explicit human approval before exec, deploy/update, stop/restart/remove, prune, user/role, password, or API-key operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents destructive container operations such as stop, restart, and delete without instructing the agent to obtain explicit user confirmation or warn about service disruption and data loss. In an agent setting, this omission is dangerous because routine natural-language requests could be translated into irreversible operational actions against live infrastructure.

Missing User Warnings

Medium
Confidence: 95%
Finding
Stack deployment, update, restart, stop, pull, and removal operations can cause broad service interruption, configuration drift, and unintended exposure, yet the skill provides no guardrails or confirmation workflow. Because stacks affect multiple containers at once, the blast radius is larger than single-container actions and can impact production availability.

Missing User Warnings

Medium
Confidence: 96%
Finding
User creation, role changes, password changes, and API key management are sensitive identity and credential operations, but the skill omits warnings about privilege escalation, credential secrecy, and confirmation needs. In an agent workflow, that can enable unauthorized account changes or accidental creation/exposure of long-lived credentials.

Missing User Warnings

High
Confidence: 98%
Finding
The cleanup workflow recommends pruning images, volumes, and networks without warning that these deletions may be irreversible and can remove resources still needed for recovery or future deployments. Volume pruning in particular can destroy persisted application data, making this materially risky in a Docker-management skill.

VirusTotal

64/64 vendors flagged this skill as clean.