Dockerfile Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a simple Dockerfile review helper that gives optimization advice and does not install code, request credentials, or run background actions.

Safe to install for Dockerfile optimization help. Users should still review and test any suggested Dockerfile changes because base image swaps, Alpine/musl use, non-root users, and multi-stage builds can change application behavior. Avoid pasting secrets into Dockerfiles or related manifest snippets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest description uses broad trigger phrases like reviewing a Dockerfile, making an image smaller, speeding up builds, and asking for Docker best practices without clear scoping boundaries. This can cause the skill to activate in a wide range of contexts, increasing the chance it is invoked on unrelated or sensitive content and amplifying any unsafe optimization guidance the skill may provide.

VirusTotal

56/56 vendors flagged this skill as clean.
