Skill v1.0.0

ClawScan security

Docker Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 7, 2026, 11:04 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requested files, binaries, and instructions match its stated purpose (Docker lifecycle management); it contains only straightforward docker CLI commands and a tiny helper script and does not request unrelated credentials or install steps.
Guidance
This skill is internally consistent and appears to do what it says: it runs docker CLI commands and includes a small formatting script. Before enabling, consider that the agent (if allowed autonomous invocation) can stop containers and run prune commands which can remove images/data. If you want to limit risk: (1) restrict autonomous invocation or require explicit user confirmation for destructive intents; (2) run the agent with least-privilege Docker access (e.g., a dedicated Docker user/host or restricted socket); and (3) review any outputs before letting the agent execute prune/remove operations.

Review Dimensions

Purpose & Capability
ok
Name/description and required binaries (docker) align with the included commands and bundled script. All required capabilities (ps, start/stop, logs, stats, prune, images, system df) are coherent with the stated purpose.
Instruction Scope
ok
SKILL.md contains explicit docker CLI commands and examples; instructions operate only on Docker resources and do not attempt to read unrelated files, environment variables, or external endpoints.
Install Mechanism
ok
No install spec; instruction-only skill with one small script. Nothing is downloaded or written during installation, minimizing supply-chain risk.
Credentials
ok
No environment variables, credentials, or config paths requested. The skill relies solely on the local Docker CLI/daemon which is appropriate for the described functionality.
Persistence & Privilege
note
The skill is not always-enabled and requests no extra privileges. However, like any tool that can be invoked autonomously, it can perform destructive Docker operations (stop, restart, prune). This behavior is expected for a Docker manager but is operationally impactful if run without user confirmation.