Dockerfile & Container Reviewer
Pass
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only Dockerfile reviewer is coherent and does not request code execution or credentials, with only minor caveats about provenance and possible retained review notes.
This skill appears safe to use for reviewing pasted Dockerfile or docker-compose content. Be cautious about pasting real secrets, and if your agent has memory enabled, consider disabling cross-session memory or asking it not to store project-specific review findings.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users cannot easily verify the publisher or upstream project beyond the registry owner metadata.
The registry metadata does not provide an upstream source or homepage. Because this is instruction-only with no install spec or code files, this is a low-level provenance note rather than a behavioral concern.
Source: unknown; Homepage: none
Review the visible SKILL.md instructions before use and prefer skills with clear provenance when available.
If the agent has memory enabled, prior review findings could influence later responses and may reveal general patterns from earlier projects.
This asks the agent to retain and reuse information across reviews. It appears limited to aggregate review findings, but it is not bounded by session, project, retention period, or user consent.
After each review, note the most impactful finding. After 20 reviews, surface "Top 3 Dockerfile mistakes" at the start of the response.
Keep any retained notes generic, avoid storing project-specific details or secrets, and ask the user before using cross-session memory.
