Security audit
Docker MCP Toolkit
Security checks across malware telemetry and agentic risk
Overview
The skill is transparent about managing Docker MCP, but it gives an agent broad Docker MCP tool-calling and persistent server-management authority that users should review carefully.
Install only if you intend to let OpenClaw manage and invoke Docker MCP tools. Keep enabled MCP servers minimal, use dedicated least-privilege credentials, keep MCP endpoints local, and require explicit confirmation before config changes, writes, deletes, code execution, or tool calls that use sensitive credentials.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
58/58 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
