Docker Hardening
Pass
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only skill appears to generate Docker hardening configuration through a disclosed external API, with no local code execution or credential access shown.
This looks safe to install as an API documentation/generator skill, but treat the provider as an external service. Do not send sensitive identifiers or private infrastructure details unless appropriate, and review any generated Docker security configuration before using it in production.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your hardening selections and any provided session or user identifier may be sent to the external API provider.
The skill is API-backed and discloses that requests go to an external provider while including session/user tracking metadata. This is purpose-aligned, but it crosses a provider boundary and may expose usage identifiers.
"Kong Route: https://api.mkkpro.com/hardening/docker" ... "sessionId | string | Yes | Unique session identifier for tracking and audit purposes" ... "userId | integer or null | No | Optional user identifier"
Use non-sensitive identifiers where possible and avoid putting private infrastructure details into option fields unless you trust the provider.
Applying generated Docker files without review could break workloads or create a false sense of compliance.
The wording may encourage users to trust generated Docker security files as production-ready. The behavior is aligned with the skill purpose, but security configurations should still be reviewed for the user's actual environment.
"validated, benchmark-aligned configurations that can be immediately deployed to production systems"
Review and test all generated Dockerfiles, compose files, and policies before deploying them to production.
