Docker Cli

Security checks across malware telemetry and agentic risk

Overview

This is a Docker command reference skill with no executable code; its risky examples are mostly normal Docker usage, though users should be careful with host mounts and cleanup commands.

Install only if you want Docker CLI assistance. Review commands before running them, especially rm/rmi/prune operations, detached containers, port mappings, and -v host mounts. Avoid mounting sensitive paths such as your home directory, SSH keys, config folders, or / unless you fully trust the image; use read-only mounts with :ro when practical.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill recommends bind-mounting a host directory into a container but does not warn that this exposes host files to the container and may allow modification, deletion, or unintended disclosure of sensitive data. In a Docker CLI helper, users may copy commands directly, so omitting this caution increases the chance of unsafe host filesystem access.

VirusTotal

65/65 vendors flagged this skill as clean.
