Dockerfile Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate visible Dockerfile templates and does not install code, access credentials, or run Docker automatically.

This is reasonable to install for Dockerfile template generation. Review any generated Dockerfile before building it, and avoid using untrusted values for image versions or ports because those fields can change the resulting Dockerfile text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger patterns are broad enough to match generic requests such as 'docker配置' or 'containerize', which can cause the skill to activate in contexts where the user did not explicitly request Dockerfile generation. This can lead to incorrect skill routing, unintended responses, or invocation over more appropriate skills, though it does not directly create code execution or data exposure in this file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal