Security audit

Docker Ops

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Docker management guide with risky commands clearly framed around user confirmation and data-loss warnings.

Install only if you want an agent to help manage Docker on the machine. Treat any `prune`, volume removal, `compose down -v`, restart, or `sudo` install action as requiring your explicit approval, given only after reviewing which containers, images, or volumes will be affected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill clearly instructs the agent to use shell-capable Docker and Bash commands, yet the document shows no explicit permission declaration or safety boundary for those capabilities. In an agent setting, undocumented shell access increases the chance of executing impactful host-level operations without appropriate consent, review, or sandboxing.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The cleanup section includes standard and aggressive cleanup commands, including one that removes volumes and build cache, but does not warn that these actions can permanently delete data and disrupt running or future environments. In a skill intended for automated agent use, presenting destructive commands without a clear confirmation requirement materially increases the risk of accidental data loss.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: `docker compose down -v` deletes named and anonymous volumes, which may contain databases or other persistent application data. Because the skill documents it as a routine workflow step without an explicit data-loss warning, an agent or user could invoke it during troubleshooting and irreversibly destroy state.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding: `docker image prune -a` removes all unused images, which can break local development workflows, invalidate cached builds, and force large re-downloads or rebuilds. While less severe than volume deletion, presenting it without a warning can still cause operational disruption in an automated assistance context.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: references/compose-patterns.md:78