Back to skill

Security audit

Docker Compose Debugger / Docker Compose 调试助手

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Docker Compose debugging skill with purpose-aligned behavior, but users should review any generated configuration changes before applying them.

Install only if you are comfortable with Docker Compose tooling. Before using any auto-fix or Pro-style repair behavior, ask to see the proposed override file, target path, and diff, and only apply changes after reviewing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises automatically generating optimized docker-compose override files to fix issues, but provides no warning, confirmation step, or indication that project configuration may be modified. In a tool that operates on deployment configuration, silent or unexpected file generation can lead to unsafe changes being applied, configuration drift, or accidental breakage of services.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Advertising bulk automatic config repair without warning increases the risk that users will run the skill expecting diagnostics only, while it may alter project files at scale. In the context of docker-compose projects, broad automatic rewrites can misconfigure ports, volumes, or networking across multiple services and environments.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.