Security audit
Dockerfile Hardening Scanner / Dockerfile安全加固扫描器
Security checks across malware telemetry and agentic risk
Overview
This skill is a documentation-only Dockerfile scanning helper with no executable payload, installer, persistence, or hidden behavior in the submitted artifact.
This appears safe to install as submitted, but it is mostly descriptive rather than a complete scanner. Before using any future Pro/API or external CLI flow, review what tool is actually being run and avoid sending Dockerfiles with secrets to external services unless that data handling is clearly disclosed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
