Container Update Advisor
Check running Docker containers for newer image versions and generate a prioritized update report. Fetches release notes and flags breaking changes vs safe u...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
by New Age Investments @newageinvestments25-byte
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts: scanning local Docker containers, checking Docker Hub tags, fetching GitHub release notes, and formatting a report. No unrelated credentials, binaries, or installers are requested.
Instruction Scope
SKILL.md explicitly instructs running the four scripts in pipeline. The scripts run the 'docker' CLI to list containers and make outbound requests to Docker Hub and GitHub APIs (expected). Note: container image names, namespaces, and tags are sent to Docker Hub/GitHub as part of the checks — this is necessary for the feature but is network-exfiltration of container metadata by design.
Install Mechanism
Instruction-only skill with bundled Python scripts; there is no install spec and nothing is downloaded from remote URLs. No archives or external install operations are performed.
Credentials
No required env vars. One optional env var (GITHUB_TOKEN) is documented and used only to increase GitHub API rate limits. No other secrets or unrelated credentials are requested.
Persistence & Privilege
Skill is not always-enabled and does not request elevated persistent privileges or modify other skills or system configuration. It runs on-demand and only executes local docker CLI commands and outbound API calls.
Assessment
This skill appears to do what it claims. Before installing or running: 1) Review the scripts locally (they are included) if you want to confirm behavior. 2) Understand it requires access to the Docker CLI/daemon (it runs 'docker ps' and 'docker info'), so it will list your running containers — treat this as sensitive metadata. 3) The tool will make outbound requests to Docker Hub and GitHub using image names and inferred repo URLs; private/internal image names may be revealed to those services if images are hosted there. 4) Only provide a GITHUB_TOKEN if you accept using that token to authenticate calls to api.github.com (no scopes are required for public repo reads, but treat tokens as secrets). 5) If you run this on a machine with sensitive or internal-only images, consider running it in a controlled environment or auditing the behavior first by running the scripts with saved intermediate JSON files to inspect what would be sent externally.
Like a lobster shell, security has layers — review code before you run it.
Current version v1.0.0
SKILL.md
Container Update Advisor
Check all running Docker containers against Docker Hub for newer versions, fetch changelogs, and output a prioritized markdown report with risk flags.
Scripts
All scripts live in scripts/ relative to this file. Run from that directory.
| Script | Purpose |
|---|---|
| scan_containers.py | List running containers + image tags (outputs JSON) |
| check_updates.py | Query Docker Hub for newer versions (stdin/file → JSON) |
| fetch_changelog.py | Fetch GitHub release notes for updated images (stdin/file → JSON) |
| format_report.py | Render prioritized markdown report (stdin/file → stdout) |
Full Pipeline
python3 scan_containers.py \
| python3 check_updates.py \
| python3 fetch_changelog.py \
| python3 format_report.py
To save intermediate output for debugging, pass each script's output as a file argument to the next:
python3 scan_containers.py > /tmp/c.json
python3 check_updates.py /tmp/c.json > /tmp/u.json
python3 fetch_changelog.py /tmp/u.json > /tmp/ch.json
python3 format_report.py /tmp/ch.json
Risk Assessment Logic
- Major version bump → 🔴 review first
- Minor version bump → 🔴 review first (may have API changes)
- Changelog mentions "breaking" → 🔴 review first
- Patch bump only, no breaking keywords → 🟢 safe to update
What Gets Skipped
- Containers using the latest tag (no version to compare)
- Digest-pinned images (sha256:... tags)
- Non-Docker Hub registries (GHCR, ECR, etc.)
- Private images (401/403 → skipped gracefully)
- Non-semver tags (e.g. alpine, focal, slim)
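The skip rules and risk rules above can be exercised offline. The sketch below is an added example, not the skill's own code: the function names, the strict MAJOR.MINOR.PATCH tag pattern, the Docker Hub host spellings and the "up to date" label are assumptions, and the 401/403 private-image case is left out because it needs a network call.

```python
import re

# Assumption: tags are strict MAJOR.MINOR.PATCH with an optional leading "v".
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")
HUB_HOSTS = {"docker.io", "index.docker.io"}  # assumed spellings of Docker Hub


def parse_tag(tag):
    """Return (major, minor, patch) or None for non-semver tags."""
    m = SEMVER.match(tag)
    return tuple(int(p) for p in m.groups()) if m else None


def skip_reason(image):
    """Return why an image reference is skipped, or None if it is checkable."""
    if "sha256:" in image:
        return "digest-pinned"
    first, slash, _ = image.partition("/")
    # A first component with "." or ":" (or "localhost") names a registry host.
    is_host = slash and ("." in first or ":" in first or first == "localhost")
    if is_host and first not in HUB_HOSTS:
        return "non-Docker Hub registry"
    last = image.rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    if tag == "latest":
        return "latest tag"
    if parse_tag(tag) is None:
        return "non-semver tag"
    return None


def classify(current, newest, changelog=""):
    """Apply the risk rules to two semver tags and optional release notes."""
    cur, new = parse_tag(current), parse_tag(newest)
    if cur is None or new is None:
        raise ValueError("both tags must be semver")
    if new <= cur:
        return "up to date"  # label added for this example
    if new[:2] != cur[:2] or "breaking" in changelog.lower():
        return "review first"
    return "safe to update"


if __name__ == "__main__":
    # Constructed sample references, not taken from the page.
    for ref in ["nginx:1.25.3", "redis", "ghcr.io/acme/api:2.0.1", "ubuntu:focal"]:
        print(ref, "->", skip_reason(ref) or "checkable")
    print(classify("1.25.3", "1.25.4"), "|", classify("1.25.3", "1.26.0"))
```

Because a skipped container never reaches the risk rules, it is absent from the report rather than marked safe, so images on latest, digest pins or other registries need a separate review path.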
GitHub Token (Optional)
Set the GITHUB_TOKEN env var to raise the GitHub API rate limit from 60 → 5,000 req/hr:
export GITHUB_TOKEN=ghp_yourtoken
Reference
See references/setup-guide.md for scheduling, rate limits, and how image matching works.
