ClawHub

Sovereign Docker Wizard

v1.0.0

Docker optimization expert. Analyzes Dockerfiles for security and performance, generates multi-stage builds, optimizes image size, creates docker-compose con...

0· 456·1 current·1 all-time
by@ryudi84
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Dockerfile and docker-compose analysis, multi-stage builds, security/performance recommendations) match the included SKILL.md, README, and examples. No unexpected binaries, cloud credentials, or system-level config paths are requested.
Instruction Scope
SKILL.md contains only analysis templates, patterns, and example Dockerfiles/compose files. The instructions expect the user or agent to provide Dockerfile/compose content for analysis; they do not instruct the agent to read arbitrary host files, environment variables, or exfiltrate data. The guidance to check for things like socket mounts or secrets is appropriate for a container security audit.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is downloaded or written to disk by the installer. This is the lowest-risk install model.
Credentials
The skill declares no required environment variables or credentials. That matches its purpose (textual analysis and generation of Docker artifacts). There are no unexplained secret/token requests.
Persistence & Privilege
always:false and default invocation settings are used. The skill does not request persistent system presence, nor does it modify other skills or system-wide configs in the provided materials.
Assessment
This is an instruction-only skill that provides Dockerfile and docker-compose analysis and templates; it does not request credentials or install code. Before using it: (1) avoid pasting secrets, passwords, or private keys from your projects into the prompt — Dockerfiles and compose files sometimes contain credentials and those would be included in the agent's output/context; (2) if you plan to let an autonomous agent operate on your repository, review what files it will access and ensure it won't be given host/registry credentials; (3) treat the recommendations as guidance and validate changes in a CI/test environment before deploying. If you need automatic editing of repositories or CI integration, prefer a workflow that supplies only the necessary sanitized inputs and explicit credentials scoped to a service account.

Like a lobster shell, security has layers — review code before you run it.

latestvk9791hjybx6mzmfy2shm44qvg981p6s4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🐳 Clawdis

Comments