ClawHub

Docker Helper

v1.0.0

Docker助手。容器管理、镜像构建、Dockerfile优化。使用场景:(1) 容器操作,(2) Dockerfile编写,(3) 镜像构建,(4) 网络配置。

0· 17·0 current·0 all-time
by@sky-lv
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the skill's content: it claims to help with container operations, Dockerfile authoring, image builds/pushes, and networking. However, it does not declare any required binaries (e.g., docker or podman) or tools that a Docker helper would normally need—this omission is notable but could be explained by an instruction-only skill that assumes environment tooling exists.
Instruction Scope
SKILL.md contains only short example prompts and no runtime commands. It does not instruct the agent to read host files, environment variables, or external endpoints. But it references actions that normally require access to a Docker daemon and registry credentials (build & push), and the instructions do not explain how those credentials or access are obtained—this vagueness expands agent discretion and is worth flagging.
Install Mechanism
There is no install spec and no code files. As an instruction-only skill this has the lowest install risk (nothing written to disk).
Credentials
The skill declares no environment variables or credentials. For local container operations this may be fine, but for '构建镜像并推送到registry' registry credentials or access to daemon/socket are normally required. The lack of declared credentials is an omission that could lead to unexpected prompts or requests at runtime.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. There is no indication it attempts to change other skills or persist beyond normal behavior.
What to consider before installing
This skill appears to be a simple instruction-only Docker helper and is not obviously malicious, but it is vague. Before installing: (1) confirm whether the agent will have access to a host Docker daemon or the docker CLI—if the agent can access /var/run/docker.sock or run docker, it could perform privileged actions; (2) expect that building/pushing images requires registry credentials—verify how those would be supplied and avoid exposing secrets; (3) prefer running this skill in a sandboxed environment without access to sensitive hosts or credentials; (4) if you need stronger guarantees, ask the publisher for a more detailed SKILL.md that lists required binaries and exactly what commands the agent will run. If you cannot verify those, treat the omission of docker/credential declarations as a risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk971564fb0xan5xsshvykfj26n84na0z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments