Skillv1.0.0

ClawScan security

Docker Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 12, 2026, 9:44 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only Docker CLI helper whose requested capabilities and instructions are consistent with its stated purpose.
Guidance: This skill is coherent and simply documents Docker CLI commands. Before allowing an agent to execute any suggested commands, note: docker run -v (host mounts) and docker exec let processes access host files — only run those if you trust the agent and understand what host paths will be exposed. Be cautious with destructive commands (rmi, system prune) and confirm intent. No credentials or installs are required by the skill itself; it just assumes you have Docker available locally.

Purpose & Capability: okName/description (Docker CLI helper) match the content: SKILL.md provides commands for building, running, inspecting, and cleaning up containers/images. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope: noteInstructions stay within Docker CLI operations (build, run, logs, exec, prune). They do recommend high-privilege Docker actions such as mounting host directories (-v) and docker exec into containers — these are expected for a Docker helper but can expose host data if executed. The instructions do not ask the agent to read arbitrary host files or environment variables beyond using Docker commands.
Install Mechanism: okNo install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials: okThe skill requests no environment variables, credentials, or config paths. That is proportional for a CLI helper that uses the local Docker daemon.
Persistence & Privilege: okalways is false and the skill is user-invocable. It does not request permanent presence or modify other skills or system-wide settings.