Docker Operations

Security checks across malware telemetry and agentic risk

Overview

This is a Docker command reference, but it includes high-impact cleanup, publishing, credential, and filesystem-copy examples without enough safety guardrails for agent use.

Install only if you want an agent-facing Docker CLI reference and are comfortable supervising Docker mutations. Do not let an agent run prune, rm, bind-mount, import, push, or login examples on production or sensitive machines without explicit review; prefer scoped filters, temporary empty directories, and `--password-stdin` for credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium (88% confidence)
Finding
The skill explicitly advertises destructive cleanup commands such as `docker container prune`, `docker image prune`, `docker volume prune`, `docker network prune`, and `docker system prune` without any warning that they can permanently delete resources and data. In an agent context, this increases the chance of unsafe or overbroad execution that disrupts running environments or causes data loss.

Missing User Warnings

Medium (84% confidence)
Finding
The skill includes registry authentication and image publication operations (`docker login`, `docker push`) without warning about credential exposure, accidental publication of proprietary images, or leakage of embedded secrets. In an agent workflow, this can lead to mishandling of secrets or unintended disclosure to external registries.

Missing User Warnings

Medium (91% confidence)
Finding
The documentation instructs users to save and extract an image tarball into local paths such as `/tmp/image.tar` and `./image-contents` without warning that extraction writes many files to the host filesystem and may overwrite or populate existing directories. In an agent skill context, users may execute these commands automatically or in the wrong working directory, creating unexpected host-side modifications and possible exposure of embedded secrets from the image.

Missing User Warnings

High (97% confidence)
Finding
Method 3 bind-mounts a host directory into a running container and recursively copies the container filesystem into it with `cp -r /* /output`, while suppressing errors. This is more dangerous than passive inspection because it causes broad host writes from within container context, can fill disk, copy unexpected files, and normalize a risky pattern where untrusted images interact with host-mounted paths.

Missing User Warnings

Medium (88% confidence)
Finding
The guidance to repackage extracted filesystem contents and `docker import` them into a new image omits warnings that the extracted tree may contain secrets, insecure binaries, tampered configs, or other unsafe modifications. In a skill that supports image management, this can encourage rebuilding and redistributing images without provenance or content review.

Missing User Warnings

Medium (87% confidence)
Finding
This documentation includes several destructive Docker cleanup commands, including forceful prune operations and broad system cleanup, with only limited warning coverage. In an agent skill context, these examples can be selected or repeated by automation, causing unintended deletion of containers, images, networks, and volumes and leading to service disruption or data loss.

Missing User Warnings

Medium (89% confidence)
Finding
The `docker rm` section includes destructive examples such as `docker rm -f my_container` and especially `docker rm $(docker ps -aq)` without an adjacent warning or confirmation note. In an agent skill context, documentation examples are likely to be copied or suggested directly, so omission of a caution materially increases the chance of accidental bulk deletion of containers and associated downtime/data loss.

Missing User Warnings

Medium (96% confidence)
Finding
The documentation includes `docker login -u "username" -p "password"`, which exposes secrets on the command line where they may be captured in shell history, process listings, logs, or telemetry. Although the page later recommends `--password-stdin`, presenting the insecure form as a normal example without a strong explicit 'do not use in practice' warning can lead users to adopt unsafe credential handling.

Missing User Warnings

Medium (98% confidence)
Finding
The quick reference repeats `docker login -u <user> -p <pass> <server>` in a condensed cheat-sheet form, making the insecure pattern even more likely to be copied directly into scripts or terminals. Quick references are high-risk because users often skim them without reading surrounding guidance, increasing the chance of credential exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
