Docker Sandbox Lucas

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Docker sandbox skill. The powerful Docker operations it describes are disclosed and consistent with its stated isolation purpose, though users should be careful with mounted project files and with reset commands.

Install only if you are comfortable letting Docker create and manage sandbox VMs. Use disposable project copies for untrusted code, avoid mounting sensitive directories, prefer deny-by-default network rules, and run remove or reset commands only after saving anything you need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill documents `docker sandbox reset` as a troubleshooting step but does not clearly warn that it clears all sandbox state and can destroy user data. In an agent-oriented skill, users may copy commands verbatim, so omitting an explicit destructive-action warning materially increases the chance of accidental data loss.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill emphasizes VM isolation but explains that the host workspace is mounted into the sandbox without explicitly warning that commands inside the sandbox can read, modify, or delete those host files. This can create a false sense of safety when running untrusted code, leading users to expose sensitive projects or suffer host-side file tampering despite the sandbox.

VirusTotal

65/65 vendors flagged this skill as clean.
