Docker Diag
Security checks across malware telemetry and agentic risk
Overview
The skill matches its Docker log-diagnosis purpose, but its helper script can be tricked into running unintended local commands through a crafted container name.
Do not install this as-is unless the command-injection bug is fixed. If you use it, avoid passing container names from untrusted text, and be aware that Docker logs may contain sensitive data.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental container-name string could cause the agent to run commands on the user's machine, not just inspect Docker logs.
The container name is passed into a shell command without quoting or validation. A crafted value containing shell metacharacters could execute arbitrary local commands when the agent runs the helper.
cmd = f"docker logs --tail {max_lines} {container_name}"
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)Change the script to use subprocess.run with an argument list and shell=False, for example ['docker', 'logs', '--tail', str(max_lines), container_name], and validate container names before execution.
Secrets, tokens, customer data, or misleading instructions present in container logs could be exposed to or influence the agent's analysis.
The skill intentionally sends selected Docker log content into the agent's reasoning context. This is expected for log analysis, but logs can contain sensitive values or text that should be treated as untrusted data.
Feed the output (which contains errors and context) into your reasoning engine.
Use the skill only on logs you are comfortable sharing with the agent, redact secrets where possible, and treat log contents as data rather than instructions.