ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docker Diag

v1.0.0

Advanced log analysis for Docker containers using signal extraction.

0· 3k·12 current·13 all-time
by@mkrdiop
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description match what the files do: the SKILL.md instructs running a bundled Python script that calls 'docker logs' and analyzes output. Declaring python3 and docker as required bins is coherent.
!
Instruction Scope
SKILL.md restricts behavior to running log_processor.py and analyzing its output, which is within purpose. However the bundled script constructs a shell command with unescaped container_name and uses subprocess.run(..., shell=True), enabling shell injection if a malicious or malformed container name is provided. The instructions do not warn about sensitive data in logs or sanitization.
Install Mechanism
Instruction-only skill with a single included Python file and no install spec — low install risk. Nothing is downloaded from external URLs.
Credentials
The skill requests no environment variables or credentials, which is proportionate. It does require access to the Docker binary/daemon (implicitly) to read container logs; container logs can contain secrets or sensitive data, so granting Docker access to this skill is a substantive privilege that should be considered.
Persistence & Privilege
always:false and no persistent install behavior. Normal autonomous invocation is allowed (platform default) but not explicitly privileged by the skill.
What to consider before installing
This skill is coherent with its stated purpose but contains a concrete vulnerability and access risk. The Python script runs 'docker logs' by building a shell command with the container name, which allows shell injection if container names come from untrusted input. Before installing or enabling: (1) ask the author to fix the script to avoid shell=True and to pass args as a list or use the docker SDK (e.g., subprocess.run(['docker','logs','--tail',str(max_lines),container_name]) or docker-py), (2) review logs it will read because container logs can contain secrets, (3) only grant Docker access in a controlled environment (or run the skill in an isolated agent), and (4) avoid giving it autonomous invocation in high-risk contexts until the code is sanitized. If you are not able to confirm the fix, treat this skill as potentially unsafe and do not run it against production containers.

Like a lobster shell, security has layers — review code before you run it.

latestvk9730crjbj55rh5sbhphgdwkk9802ckn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments