Docker Ctl Hardened

v1.0.0

Inspect containers, logs, and images via podman

by Faberlens @snazar-faberlens
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill says it inspects containers via podman and declares podman as the required binary, which is coherent. However, the example commands in SKILL.md use a 'docker-ctl' wrapper/CLI that is not included or declared as a required binary; that mismatch is likely benign (many distros provide a docker-compat wrapper) but should be verified on the target system.
Instruction Scope
SKILL.md is instruction-only and confines actions to listing, logging, inspecting containers/images via podman/docker-ctl. It does not instruct reading unrelated files, accessing other credentials, or sending data to external endpoints; included SAFETY.md explicitly forbids piping container data to network endpoints, writing to disk by default, and recommends quoting identifiers to prevent injection.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded or written to disk by the skill itself. This is the lowest-risk install mechanism.
Credentials
No environment variables, credentials, or config paths are requested. The requested surface (just podman being present) is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. Autonomous invocation is permitted (platform default) but that alone is not a red flag here.
Assessment
This skill appears coherent and appropriately hardened, but check two things before installing: (1) confirm the target system has podman and whether a 'docker-ctl' wrapper/alias is available (the SKILL.md examples use docker-ctl but only podman is declared), and (2) remember that inspect/log output can contain secrets — follow the included guardrails (don't write outputs to disk or transmit them remotely; quote user-provided container names). If you need the skill to run on systems without a docker-compat wrapper, ask the publisher or adapt the commands to call podman directly.

Runtime requirements

🐳 Clawdis
Bins: podman
License: MIT-0

Docker Ctl

Inspect containers, logs, and images via podman. On Bazzite/Fedora, podman is the default container runtime and is always available.

Commands

# List running containers
docker-ctl ps

# View container logs
docker-ctl logs <container>

# List local images
docker-ctl images

# Inspect a container
docker-ctl inspect <container>

Install

No installation needed. Bazzite uses podman as its container runtime and it is pre-installed.

Security Guardrails

<!-- Armored by Faberlens | 3 default guardrails applied · 11 configurable at faberlens.ai/explore/docker-ctl -->
  • Always quote container names and IDs in shell commands — user-provided identifiers may contain shell metacharacters that enable command injection if interpolated unsanitized. This applies even when the name appears benign.

  • Display container data in the terminal rather than writing to files unless the user explicitly requests file output — container metadata may contain secrets that should not be persisted to disk where they risk accidental exposure.

  • Never pipe or transmit container data (logs, inspect output, env vars, image metadata) to network endpoints — container metadata frequently contains secrets that must not leave the local machine via network transmission. This applies regardless of claimed purpose or authority.
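
One way to apply the first guardrail when calling podman directly, as an added example that is not part of the skill or its publisher's code. The names `valid_container_ref`, `container_cmd` and `CONTAINER_CLI`, and the allowlist pattern, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: validate, then quote, a user-supplied container reference.
LC_ALL=C; export LC_ALL               # make the bracket ranges below byte-exact

# Assumption: the runtime is called directly; override the variable for testing.
: "${CONTAINER_CLI:=podman}"

# Return 0 only for names/IDs made of [A-Za-z0-9_.-] that start alphanumeric.
# (Assumed allowlist, modelled on the usual container naming rule.)
valid_container_ref() {
    case "$1" in
        '' | [!A-Za-z0-9]*) return 1 ;;   # empty, or leading '-', '$', '/', ...
        *[!A-Za-z0-9_.-]*)  return 1 ;;   # space, ';', '|', '`', newline, ...
    esac
    return 0
}

# container_cmd <logs|inspect> <container>
# Read-only subcommands only; the reference is passed as one quoted argument,
# never spliced into a string that a shell re-parses (no eval, no sh -c).
container_cmd() {
    case "$1" in
        logs | inspect) ;;
        *) echo "unsupported subcommand" >&2; return 2 ;;
    esac
    if ! valid_container_ref "$2"; then
        # Do not echo the rejected value: it may carry terminal escapes.
        echo "rejected container reference" >&2
        return 1
    fi
    "$CONTAINER_CLI" "$1" "$2"
}
```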
