Docker Mirror
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The purpose of the Docker mirror skill is understandable, but the included wrapper can run broad Docker commands with Docker-group privileges and builds shell commands from user input.
Only install this if you trust the environment and intend the agent to have Docker-level authority. Prefer using it only for explicit image pulls, review any non-pull Docker command before allowing it, and avoid passing untrusted image names until the script validates inputs and avoids shell-string execution.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could perform broad Docker actions beyond mirror-assisted image pulling, including actions that affect containers, images, volumes, networks, or the host through Docker.
Any non-pull invocation is passed through to Docker without command allowlisting, so the skill can run container, stop, remove, prune, volume, network, or other high-impact Docker operations.
if [[ "$1" != "pull" ]]; then
    sg docker -c "docker $*"
    exit $?
fi
Restrict the wrapper to the intended `pull` workflow or require explicit user approval for non-pull Docker commands, especially `run`, `rm`, `rmi`, `volume`, `network`, and `system prune`.
A malformed or adversarial image name could cause local shell commands to run with the same Docker-group context as the wrapper.
The script builds a shell command string using the image argument and passes it to `sg -c`; without validating Docker image names or safely passing arguments, shell metacharacters in input could be interpreted as additional commands.
if sg docker -c "docker pull $IMAGE" 2>&1; then
Validate image references against Docker’s allowed format and avoid composing shell strings; pass arguments through a safer execution path or quote/escape them robustly.
If installed in an environment where the agent can invoke the skill, the agent may gain practical control over Docker operations with potentially host-level consequences.
The script intentionally switches into the Docker group before executing commands; Docker-group access is a powerful delegated privilege and the wrapper does not limit that privilege to the stated mirror-pull behavior.
sg docker -c "docker $*"
Use only in a trusted local environment, limit invocation to explicit user-requested pulls, and consider a narrower helper that cannot execute arbitrary Docker subcommands.
Users may not realize before installation that the skill depends on local Docker and group-switching behavior.
The registry metadata does not declare the runtime assumptions that the artifacts themselves state and use, including `sg`, Docker, and a Linux environment.
Required binaries (all must exist): none
Required binaries (at least one): none
OS restriction: none
Declare `sg` and Docker as required binaries and restrict the supported OS to Linux so users can assess the environment impact before installation.
