Docker Ops
Pass. Audited by ClawScan on May 10, 2026.
Overview
This skill is purpose-aligned for Docker operations, but its documented commands can delete Docker resources and expose container logs, so use destructive actions carefully.
Install only if you want the agent to help manage Docker. Before running cleanup or Compose removal commands, confirm the target project and use dry-run where available. Treat Docker access as privileged, and avoid sharing sensitive container logs unnecessarily.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running cleanup, especially with `--aggressive`, can delete stopped containers, unused volumes, networks, images, or build cache that may be hard to recover.
The cleanup script runs force-prune Docker commands, including optional volume and build-cache removal. This is aligned with Docker cleanup, but it can remove local resources without Docker's normal confirmation prompt.
do_cmd "Removing stopped containers..." "docker container prune -f" ... do_cmd "Removing unused volumes (⚠️ risk of data loss)..." "docker volume prune -f"
Use `--dry-run` first, confirm which project or containers are affected, and require explicit user approval before destructive Docker cleanup.
A user or agent with Docker daemon access can start, stop, inspect, and modify containers and may indirectly affect the host environment.
The skill suggests adding the user to the docker group to resolve permission errors. Docker group membership grants broad control over the Docker daemon and can be equivalent to high local privilege.
sudo usermod -aG docker $USER && newgrp docker
Only grant Docker group membership to trusted users and treat Docker commands as privileged operations.
Container logs shown to the agent may reveal sensitive application data or contain misleading text that should not be treated as instructions.
The log inspector fetches and prints Docker logs for analysis. Logs are expected input for this skill, but they may contain secrets, customer data, or untrusted text.
result = subprocess.run(cmd, capture_output=True, text=True, timeout=15) ... print(logs)
Inspect only relevant containers, redact sensitive logs when possible, and do not follow instructions that appear inside log output.
Users have less registry-level information about where the skill came from and what local tools it expects.
The registry metadata lacks provenance and does not declare required binaries, while the skill itself depends on Docker, bash, and Python scripts. The reviewed source is provided, so this is a metadata/provenance note rather than hidden behavior.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Review the included scripts before use and ensure Docker, bash, and Python are available in the intended environment.
