Security audit

Dolphindb Docker

Security checks across malware telemetry and agentic risk

Overview

This skill deploys DolphinDB as advertised, but it exposes broad host system files to the container and changes Docker state without enough safeguards.

Install only if you are comfortable letting this skill manage Docker containers and expose host configuration files to a DolphinDB container. Before running it, remove or narrowly scope the /etc mount, make any needed mount read-only, use a dedicated data directory, check whether a container named dolphindb already exists, and bind ports to localhost or firewall them if remote access is not intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises executable shell-driven deployment behavior but does not declare corresponding permissions or operational capabilities in a transparent way. This weakens user consent and review controls, especially because the documented workflow includes Docker operations that can modify local system state and expose host resources to a container.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior exceeds the stated purpose in several security-relevant ways, most notably bind-mounting the host /etc directory into the container for license fingerprint collection. Mounting sensitive host configuration into a container can expose system identity, credentials, and configuration data, and undeclared container replacement or connectivity checks can also cause unexpected side effects on the host.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The manifest omits a highly sensitive behavior: mounting the host /etc directory into the container to collect license fingerprint material. Because /etc often contains critical system configuration and sometimes secrets, hiding or under-documenting this behavior materially increases the risk of overexposure of host data to the container image.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script bind-mounts the host's entire /etc directory into the container, giving the container broad visibility into sensitive host configuration such as users, networking, certificates, and service settings. This is far broader than required for a DolphinDB deployment and significantly increases the blast radius if the container image, runtime process, or exposed service is compromised.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly instructs users to bind-mount the host's /etc directory into the container for license handling, which exposes sensitive system configuration, secrets, and identity-related files to the container. Even if intended for fingerprint collection, this is an overly broad mount with no warning or minimization, and it becomes dangerous if the image is compromised or the container is later misused.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documented docker run command combines broad bind mounts, including /etc and a full persistent server directory, with published network ports but provides no security warning about host data exposure or service reachability. In practice this can expose sensitive host files to the container and make the database reachable from other systems, especially on misconfigured or shared hosts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script unconditionally stops and removes any existing container with the chosen name before starting a new one, without prompting the user or validating that the target is the expected DolphinDB container. This can destroy an unrelated container's state or availability if the name is reused or supplied incorrectly, making the deployment script operationally dangerous.

VirusTotal

65/65 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.