Docker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Docker reference skill with no code, though some documented Docker commands can change, publish, or delete container resources and should be run deliberately.

This skill appears safe to install as Docker guidance. Before letting an agent run commands from it, make sure it is operating on the intended Docker context and avoid destructive cleanup or publishing commands unless you have reviewed and approved the exact action.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If run against the wrong Docker context or project, these commands could delete local Docker data, stop services, or publish an image unintentionally.

Why it was flagged

The skill documents Docker CLI operations that can publish images or remove containers, images, and volumes. This is expected for a Docker skill and destructive commands are labeled, but these actions can materially affect a user's environment.

Skill content
docker push registry/myapp:1.0 # publish
...
docker volume prune # remove unused (DESTRUCTIVE)
...
docker system prune -a --volumes # remove everything (DESTRUCTIVE)
Recommendation

Confirm the Docker context, project, and target resources before running mutating commands, and avoid prune, down, push, or volume operations unless the user explicitly intends them.