Back to skill

Security audit

Docker Space Saver / Docker 空间清理

Security checks across malware telemetry and agentic risk

Overview

This is a Docker cleanup skill whose risky behavior is disclosed and aligned with freeing disk space, with no executable install payload found.

Install only if you intend to manage Docker disk usage. Before running any real prune action, use dry-run first and review whether unused containers, images, networks, or volumes may still contain data you need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly encourages one-click Docker pruning and presents an example command, but it does not prominently warn that pruning can permanently delete unused images, containers, networks, and especially volumes. In a real environment, users may run cleanup commands against hosts they do not fully understand, causing irreversible data loss or disruption to build pipelines and recovery workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.