Docker Volume Backup Or Restore
ReviewAudited by ClawScan on May 10, 2026.
Overview
This Docker backup skill is mostly purpose-aligned, but it automatically installs unpinned packages at runtime inside a container that can read all Docker volumes and the backup password.
Review the script before use, pre-test with `--dry-run`, specify an explicit private registry image, and avoid running it on shared hosts. Consider replacing the runtime `apk add` step with a reviewed helper image that already includes pinned tools before using it for sensitive Docker volumes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or unexpected package source could affect the backup process and potentially access the mounted volume data or encryption password during backup.
The script automatically installs unpinned Alpine packages at backup time inside the helper container. That container receives the encryption password and read-only mounts of all Docker volumes, while the SKILL.md frames the helper as fixed-digest and pre-pulled for safety.
docker run ... "$HELPER_IMAGE" sh -lc '
apk add --no-cache openssl tar >/dev/null
mkdir -p /artifact/volumesUse a helper image that already contains pinned, reviewed crypto/archive tools, disclose any runtime package installation, and consider disabling network access during the backup container run.
Running the commands without checking targets can cause downtime, large registry uploads, or overwritten application data.
The skill uses powerful Docker operations that can interrupt services, upload volume backups, and overwrite local volume contents. These actions are aligned with the stated purpose and are disclosed, but they are high-impact.
Stops containers ... Builds a `scratch`-based image ... Pushes the image to the registry ... Restore mode will overwrite existing data if a volume with the same name already exists.
Run `--dry-run` first, explicitly specify the backup image, verify the registry is private, and confirm restore targets before allowing execution.
Other local users or administrative tooling may be able to observe the encryption password during execution, depending on the host configuration.
The backup password is expected for encryption, but the script requires it as a command-line argument and passes it into the helper container environment, which can expose it to local process/environment inspection while running.
ENCRYPT_PASSWORD="$1"; ... export ENCRYPT_PASSWORD ... docker run ... -e ENCRYPT_PASSWORD="$ENCRYPT_PASSWORD"
Use a strong unique backup password, avoid shared hosts and saved shell history, and consider modifying the script to prompt securely or read the password from a protected file descriptor.