Docker

Security checks across malware telemetry and agentic risk

Overview

This Docker skill is high-privilege by nature, but its Docker and Compose access is disclosed, purpose-aligned, and configurable.

Install only if you are comfortable giving the agent Docker access. For observation-only use, prefer readOnly: true together with a narrow allowedOperations list; configure only trusted Compose project directories; keep the TLS certificate paths the skill is given out of reach of untrusted input; and run the integration tests only against a disposable Docker daemon, never the default local socket or a shared CI daemon.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
This integration test issues real stop/start/restart/remove operations against whatever Docker daemon is reachable via the default socket or DOCKER_HOST. Although intended for legitimate testing, the lack of strong isolation, opt-in gating, or prominent safety checks means a developer or CI job pointed at a non-test daemon could unintentionally disrupt existing containers or delete resources.
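The gate the finding asks for, as an added example rather than code from the skill or from the scanner: a POSIX shell guard that a destructive Docker integration test runs before touching any daemon. It refuses unless the operator explicitly opted in, DOCKER_HOST is set to something other than the default local socket, and that value is one the job named as disposable. DOCKER_HOST is the real variable the Docker CLI honours; the names DOCKER_TEST_OPTIN and DOCKER_TEST_ALLOWED_HOSTS, the container names and the port are assumptions chosen for this illustration.

```shell
#!/bin/sh
# Added example (not part of the skill or its scanner report): an opt-in gate
# for a destructive Docker integration test. DOCKER_TEST_OPTIN and
# DOCKER_TEST_ALLOWED_HOSTS are assumed names for this illustration;
# DOCKER_HOST is the variable the Docker CLI actually reads.

# docker_test_guard HOST OPTIN ALLOWED
#   HOST    value of DOCKER_HOST (empty means the default local socket)
#   OPTIN   "1" when the operator explicitly opted in to destructive tests
#   ALLOWED space-separated exact DOCKER_HOST values designated as disposable
# Returns 0 only when every gate passes; otherwise explains on stderr and returns 1.
docker_test_guard() {
  host="$1"
  optin="$2"
  allowed="$3"

  # Gate 1: destructive tests are opt-in, never the default.
  if [ "$optin" != "1" ]; then
    echo "refusing: DOCKER_TEST_OPTIN=1 not set; destructive tests are opt-in" >&2
    return 1
  fi

  # Gate 2: an empty DOCKER_HOST or the default socket is the developer's (or
  # the CI runner's) own daemon, which is exactly the case the finding warns about.
  case "$host" in
    ""|unix:///var/run/docker.sock|unix:///run/docker.sock|npipe:////./pipe/docker_engine)
      echo "refusing: DOCKER_HOST is empty or the default daemon socket" >&2
      return 1 ;;
  esac

  # Gate 3: the daemon must be one the job named explicitly as disposable.
  for h in $allowed; do
    if [ "$h" = "$host" ]; then
      return 0
    fi
  done
  echo "refusing: DOCKER_HOST '$host' is not in DOCKER_TEST_ALLOWED_HOSTS" >&2
  return 1
}

# start_disposable_daemon NAME PORT
# Runs the official docker:dind image bound to loopback only, so that
# DOCKER_HOST=tcp://127.0.0.1:PORT reaches a throwaway daemon instead of the
# host's. Setting DOCKER_TLS_CERTDIR to empty makes dind listen without TLS on
# 2375; the 127.0.0.1 binding keeps that plaintext port off the network.
start_disposable_daemon() {
  name="$1"
  port="$2"
  docker run -d --rm --privileged --name "$name" \
    -e DOCKER_TLS_CERTDIR="" \
    -p "127.0.0.1:${port}:2375" \
    docker:dind >/dev/null
}

# run_guarded_integration_test
# The same kind of real stop/start/restart/remove cycle the finding describes,
# executed only after the guard accepted the current environment.
run_guarded_integration_test() {
  docker_test_guard "${DOCKER_HOST:-}" "${DOCKER_TEST_OPTIN:-}" \
    "${DOCKER_TEST_ALLOWED_HOSTS:-}" || return 1
  name="skilltest-$$"
  docker run -d --name "$name" alpine:3.20 sleep 300 >/dev/null
  docker stop "$name" >/dev/null
  docker start "$name" >/dev/null
  docker restart "$name" >/dev/null
  docker rm -f "$name" >/dev/null
  echo "integration test completed against $DOCKER_HOST"
}

# Stand-alone use (nothing runs unless DOCKER_TEST_OPTIN is set at all):
#   start_disposable_daemon dind-test 23750      # once, via your host daemon
#   DOCKER_TEST_OPTIN=1 DOCKER_HOST=tcp://127.0.0.1:23750 \
#   DOCKER_TEST_ALLOWED_HOSTS=tcp://127.0.0.1:23750 sh docker_test_gate.sh
if [ -n "${DOCKER_TEST_OPTIN:-}" ]; then
  run_guarded_integration_test
fi
```

The allowlist is an exact-match list on purpose: a pattern such as tcp://127.0.0.1:* would also match a Docker Desktop or rootless daemon that happens to be exposed on loopback. Wiring the same guard into the CI job means a pipeline that forgets to start the disposable daemon fails closed instead of cleaning up the runner's real containers.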

VirusTotal

No VirusTotal findings
