Docker Manager
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate Docker management skill, but it can run powerful Docker actions like forced cleanup, deletion, and container command execution without built-in confirmation.
Install only if you want the agent to administer Docker on this machine. Before allowing stop, remove, prune, or exec actions, confirm the exact container/image/volume and understand that cleanup commands may remove resources without another prompt.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad cleanup command could remove Docker resources and disrupt local development or services.
The prune implementation can force broad Docker cleanup without Docker's normal confirmation prompt, including image and volume prune paths elsewhere in the same function.
run_cmd([DOCKER_CMD, "system", "prune", "-a", "-f"])
Require explicit user confirmation before stop/delete/prune operations, avoid force flags by default, and prefer named-resource or dry-run workflows for cleanup.
Commands run inside containers may change application state, files, or running processes.
The skill can execute a user-supplied command inside a selected Docker container. This is purpose-aligned for Docker administration, but it is still a powerful capability.
cmd = [DOCKER_CMD, "exec", "-it", args.name] + args.cmd.split()
Only run container exec commands when the target container and command are explicitly chosen and understood.
If installed where Docker access is equivalent to administrative control, the skill can affect containers, images, volumes, and potentially host-adjacent resources.
Using the Docker CLI means the skill operates with the caller's Docker daemon permissions, which can be highly privileged on many systems.
"requires": {"bins": ["python3", "docker"]}
Use this only in environments where the agent is allowed to administer Docker, and avoid granting Docker access on sensitive hosts unless necessary.
Users have less external context for maintainer trust or update provenance.
The package has no declared upstream source or homepage, making provenance harder to verify even though the included code is visible.
Source: unknown; Homepage: none
Review the included script before use and prefer a trusted, traceable source for administrative tooling.
