ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Docker Skill

v1.0.0

Installs and uses Docker reliably with official docs. Use when installing Docker (Desktop or Engine), building or running containers, writing Dockerfiles, us...

0· 844·6 current·6 all-time
by@austindixson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and instructions consistently focus on installing, configuring, and using Docker. The declared dependency (presence of docker CLI) matches the stated purpose and there are no unrelated binaries, env vars, or config paths requested.
Instruction Scope
Instructions stay within Docker's scope (install steps, Dockerfile guidance, compose). They include potentially impactful system commands (removing conflicting packages with apt, adding a user to the docker group, starting services) and recommend an official convenience script (curl https://get.docker.com && sh). These are expected for Docker setup but are operationally sensitive and should be run with care; the skill does not instruct the agent to read unrelated files or exfiltrate data.
Install Mechanism
This is an instruction-only skill with no install spec written to disk. All download URLs referenced are official Docker domains (desktop.docker.com, docs.docker.com, get.docker.com). The only higher-risk operation suggested is fetching and executing the official get-docker.sh script — this is common in Docker docs but involves executing remote script code, which is a standard-but-sensitive action.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system-wide credentials.
Persistence & Privilege
always:false and no install artifacts are requested. The skill's runtime actions (start service, add user to docker group) are appropriate for installing/using Docker and do not modify other skills or global agent configuration.
Assessment
This skill appears to do what it says: guide installation and use of Docker using official docs. Before running any commands it suggests, verify they match your OS/version and your security policies. Specific cautions: (1) The apt removal commands and package installs are destructive if run blindly—inspect them before executing. (2) The convenience script (get.docker.com) is official but downloads and runs a shell script from the network; prefer package-manager installs for production. (3) Adding a user to the docker group gives that user effective root-level container privileges—treat that as a security decision. (4) Commands like docker system prune and force-removals can delete data; back up anything important. If you need higher assurance, follow the official Docker docs yourself rather than running remote scripts, and avoid running recommended commands with sudo in environments you don't control.

Like a lobster shell, security has layers — review code before you run it.

latestvk975b5anae66xzyjj2afwdnsws81q9vb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any bindocker

Comments