Back to skill

Security audit

Dockerfile Hardening Scanner / Dockerfile安全加固扫描器

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only Dockerfile scanning helper with no executable payload, installer, persistence, or hidden behavior in the submitted artifact.

This appears safe to install as submitted, but it is mostly descriptive rather than a complete scanner. Before using any future Pro/API or external CLI flow, review what tool is actually being run and avoid sending Dockerfiles with secrets to external services unless that data handling is clearly disclosed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.