Back to skill
Skillv1.0.0
ClawScan security
Docker Container Cleaner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 2:08 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, requirements, and instructions are consistent with a local CLI tool that calls the Docker CLI to prune containers, images, volumes, and networks — nothing in the manifest indicates unrelated credential access or external exfiltration.
- Guidance
- This appears to be a local CLI tool that calls your Docker daemon to remove resources. Before using: (1) review the included scripts/main.py yourself (or run in a safe environment) to confirm behavior; (2) run with --dry-run first to see what would be removed; (3) avoid running in production unless you understand which containers/volumes/images will be deleted and have backups; (4) be aware Docker commands may require sudo or docker-group membership; (5) check the full script (not just the SKILL.md) if you have stricter security needs — the provided snippet was truncated in the review, so verify the complete file in your copy.
Review Dimensions
- Purpose & Capability
- okName/description (clean Docker resources) aligns with requirements (python3, docker) and the code which shells out to the Docker CLI and implements prune/status operations. No irrelevant binaries or credentials are requested.
- Instruction Scope
- okSKILL.md only instructs running the included script and optional pip install for the Docker SDK. It does not instruct reading unrelated system files, sending data to external endpoints, or requesting secrets. Operations are limited to local Docker commands and reporting.
- Install Mechanism
- okThere is no install spec (instruction-only from platform perspective) and the repository includes a Python script. No remote downloads or archive extraction are specified by the skill metadata.
- Credentials
- okThe skill declares no required environment variables or credentials. It requires only the Docker daemon/CLI and Python, which are appropriate for its purpose. Some Docker operations may require elevated privileges (sudo or docker group), which is expected.
- Persistence & Privilege
- okalways is false, the skill is user-invocable and not force-installed. It does not request persistent system-wide privileges or modify other skills' configs in the provided content.