ClawHub

Dockerfile Optimizer

v1.0.1

Review and optimize Dockerfiles to reduce layer count, minimize image size, and improve build times. Trigger when the user asks to review a Dockerfile, make...

0· 42·0 current·0 all-time
byXudong Guo@sunny0826
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (optimize Dockerfiles for size, layers, build time, and security) match the SKILL.md and README guidance. There are no unrelated required env vars, binaries, or config paths.
Instruction Scope
The runtime instructions focus on analyzing provided Dockerfile content and returning an optimized Dockerfile plus explanations. They do not instruct the agent to read system files, access credentials, or transmit data to external endpoints. The SKILL.md includes sensible safeguards (language detection, warning about Alpine/musl compatibility, `.dockerignore` reminders).
Install Mechanism
No install spec and no code files — this is instruction-only. Nothing will be downloaded or written to disk by an installer, which minimizes risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The instructions do not reference any hidden env vars or secrets.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by platform default but the skill itself does not ask for elevated or persistent presence.
Assessment
This skill appears coherent and low-risk: it only needs the Dockerfile text you provide and will return an optimized Dockerfile plus explanations. Before using it, avoid pasting secrets or credentials into the Dockerfile content you send; be prepared to test the suggested Dockerfile locally because changes like switching to Alpine or using a different libc (musl) can break binaries or native dependencies; and review the recommended changes (user/account permissions, base image, multi-stage builds) to ensure they don't change runtime behavior for your app. If you want the skill to analyze a whole repository, prefer sending only the Dockerfile and related manifest files (package.json, go.mod, requirements.txt) rather than full source with secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk979crqpnb9bgfg9pthbyemn1d843my3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments