docker-container-rerun-all

Advisory

Audited by Static analysis on May 7, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A stale, mistaken, or poisoned memory entry could cause the agent to recreate a container with the wrong command when --apply is used.

Why it was flagged

If the expected header is missing, the script scans the entire MEMORY.md for docker run code blocks and forwards the matched recreate command into the update/apply workflow. That makes persistent memory entries a high-impact authority for container recreation.

Skill content

else:
        target_text = memory_text
...
blocks = re.findall(r'```(?:bash|sh)?\s*\n(.*?)\n\s*```', target_text, re.DOTALL)
...
cmd = ['python3', str(SINGLE_SCRIPT), '--container-name', container_name, '--recreate-command', recreate_command]
if apply: cmd.append('--apply')

Recommendation

Before using --apply, manually review the relevant MEMORY.md section and the exact recreate commands for every matched container; consider requiring the script to fail closed when the expected section is missing.

What this means

Using --apply can interrupt running services or change container configuration if the remembered recreate command is wrong.

Why it was flagged

The skill clearly discloses that apply mode can perform disruptive Docker operations. This is aligned with its purpose, but it is still high-impact local mutation.

Skill content

Add `--apply` only when the user explicitly wants to recreate containers that need updates ... may stop, remove, and recreate matching containers sequentially

Recommendation

Run the default non-apply mode first, inspect the proposed results and memory commands, and use --apply only when you accept service interruption risk.

What this means

The safety of this skill depends on the installed sibling docker-container-rerun implementation.

Why it was flagged

The high-impact per-container workflow is delegated to a sibling skill script that is not included in this artifact set or pinned by version here.

Skill content

SINGLE_SCRIPT = SKILL_DIR.parent / 'docker-container-rerun' / 'scripts' / 'update_docker_run_container.py'

Recommendation

Verify that the sibling skill is installed from a trusted source and review its script before allowing this wrapper to run apply mode.