ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dockerfile Generator

v1.0.0

Automatically generate optimized Dockerfiles for various app types with multi-stage builds and best practice performance enhancements.

0· 533·1 current·1 all-time
by@honestqiao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (generate optimized Dockerfiles) match the provided SKILL.md templates and the generateDockerfile implementation in skill.yaml. No unrelated credentials, binaries, or configuration paths are requested.
Instruction Scope
SKILL.md and the included templates limit behavior to producing Dockerfile text for Node.js, Python, and Go. There are no instructions to read system files, access environment variables, call external endpoints, or transmit data.
Install Mechanism
No install spec and no code files to execute beyond the instruction text; the skill is instruction-only, which is the lowest-risk install model.
Credentials
The skill requests no environment variables, credentials, or config paths. The templates and implementation do not reference secrets or other external services.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation (model invocation enabled) is the platform default and is not by itself a concern here.
Assessment
This skill appears coherent and low-risk: it only generates Dockerfile text. Before using results in production, manually review generated Dockerfiles for security best practices (avoid embedding secrets, pin exact base-image versions, add a non-root user, minimize exposed ports and installed packages, and validate multi-stage build outputs). Because it's instruction-only, it won't fetch code or credentials on its own, but never paste secrets into prompts or files you ask it to containerize.

Like a lobster shell, security has layers — review code before you run it.

devopsvk974zn52js1zrck9wt7mazxped81ntcjdockervk974zn52js1zrck9wt7mazxped81ntcjlatestvk974zn52js1zrck9wt7mazxped81ntcj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments