Managing Docker containers via docker-socket-proxy
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent and purpose-aligned for Docker container reporting and controlled restarts, but it needs careful whitelist and proxy configuration because it can read logs and restart services.
Install only if you intend this agent to inspect Docker container status/logs and restart selected containers. Before use, configure `DOCKER_HOST` to a least-privilege docker-socket-proxy, set `SYSCTL_WHITELIST_PATH`, keep the whitelist narrow, and verify that log output is redacted before it is shown or shared.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A permitted restart can temporarily disrupt a service if the whitelist or user request is wrong.
The skill can perform a high-impact Docker action, but the artifact clearly scopes it to whitelisted containers, explicit user requests, and a cooldown.
`docker restart <name>` | Restart a container (explicit request only!) ... Verify container is in whitelist AND `can_restart: true` ... do not restart the same container more than once per 5 minutes.
Keep the whitelist minimal, set `can_restart: true` only for safe containers, and review restart requests before allowing the agent to act.
If the docker-socket-proxy is over-permissive, the agent may have more container-management authority than intended.
The skill relies on delegated access to a Docker socket proxy; this is expected for the purpose, but the proxy defines the real privilege boundary.
`DOCKER_HOST` environment variable is pre-configured (do NOT override it manually) ... If `DOCKER_HOST` is not set, do NOT guess the address.
Configure docker-socket-proxy to expose only the needed Docker API operations and use the whitelist as a second layer of restriction.
Sensitive values from logs could appear in the conversation if the agent or user relies on raw script output.
The helper script reads container logs and prints selected error lines. Logs are untrusted and may contain secrets or prompt-like text; the script itself does not implement the SKILL.md redaction guidance.
LOG_CACHE=$(timeout 30 docker logs --since "${SINCE}" --tail 5000 "${NAME}" 2>&1 || true) ... echo "${LOG_CACHE}" | grep -i 'error\|exception\|fatal\|traceback' | sort -u | tail -10Treat log contents as untrusted data, redact secrets before showing output, and avoid displaying raw log lines unless necessary.
Users may not realize the skill needs Docker tooling and Docker proxy environment variables until runtime.
Registry metadata does not declare runtime dependencies that SKILL.md documents, including Docker CLI, jq, DOCKER_HOST, and SYSCTL_WHITELIST_PATH. This is a setup/provenance clarity issue, not hidden behavior.
Required binaries (all must exist): none ... Required env vars: none ... Env var declarations: none
Document these requirements in metadata so users and platforms can validate the environment before use.