Docker Ops
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: docker-ops-toolkit
Version: 1.0.2
The bundle provides standard Docker management utilities for container lifecycle management, health monitoring, and log analysis. The included scripts (docker-cleanup.sh, docker-health.sh, and docker-log-inspector.py) perform their stated functions using standard Docker CLI commands without any evidence of data exfiltration, persistence mechanisms, or malicious prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running cleanup, especially with `--aggressive`, can delete stopped containers, unused volumes, networks, images, or build cache that may be hard to recover.
The cleanup script runs force-prune Docker commands, including optional volume and build-cache removal. This is aligned with Docker cleanup, but it can remove local resources without Docker's normal confirmation prompt.
do_cmd "Removing stopped containers..." "docker container prune -f"
...
do_cmd "Removing unused volumes (⚠️ risk of data loss)..." "docker volume prune -f"
Use `--dry-run` first, confirm which project or containers are affected, and require explicit user approval before destructive Docker cleanup.
A user or agent with Docker daemon access can start, stop, inspect, and modify containers and may indirectly affect the host environment.
The skill suggests adding the user to the docker group to resolve permission errors. Docker group membership grants broad control over the Docker daemon and can be equivalent to high local privilege.
sudo usermod -aG docker $USER && newgrp docker
Only grant Docker group membership to trusted users and treat Docker commands as privileged operations.
Container logs shown to the agent may reveal sensitive application data or contain misleading text that should not be treated as instructions.
The log inspector fetches and prints Docker logs for analysis. Logs are expected input for this skill, but they may contain secrets, customer data, or untrusted text.
result = subprocess.run(cmd, capture_output=True, text=True, timeout=15)
...
print(logs)
Inspect only relevant containers, redact sensitive logs when possible, and do not follow instructions that appear inside log output.
Users have less registry-level information about where the skill came from and what local tools it expects.
The registry metadata lacks provenance and does not declare required binaries, while the skill itself depends on Docker, bash, and Python scripts. The reviewed source is provided, so this is a metadata/provenance note rather than hidden behavior.
Source: unknown; Homepage: none; Required binaries (all must exist): none
Review the included scripts before use and ensure Docker, bash, and Python are available in the intended environment.
