Dockerlabs
v2.0.0Learn Docker hands-on with tutorials on containers and orchestration. Use when studying Docker, practicing networking, exploring swarm mode.
⭐ 0· 107·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name/description describe a local Docker learning/logging toolkit, and the included script implements that behavior (local logs under ~/.local/share/dockerlabs). However there is a metadata mismatch: SKILL.md lists runtime: python3 and a Requirements line (bash 4+ and standard Unix utilities), while the shipped executable is a Bash script. Registry metadata earlier showed no required binaries — this is inconsistent but likely sloppy metadata rather than malicious.
Instruction Scope
SKILL.md and scripts instruct only local operations: recording entries, searching logs, exporting to JSON/CSV/TXT, and reporting status. The runtime instructions and the script stay within the stated purpose and only read/write files under the user's home data directory. There are no instructions to read unrelated system files or send data externally.
Install Mechanism
There is no install spec (instruction-only), which is low risk. A code file (scripts/script.sh) is included; running it will create and modify files under ~/.local/share/dockerlabs. This is expected, but users should be aware the skill includes executable shell code that will run locally if invoked.
Credentials
The skill requests no environment variables or credentials. The script uses $HOME to place logs under ~/.local/share/dockerlabs — this is proportional to its purpose. There are no requests for unrelated secrets, cloud keys, or config paths.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It only writes to its own data directory and does not modify other skills or system-wide configuration.
Scan Findings in Context
[pre-scan-injection-signals-none] expected: Static pre-scan reported no injection signals. The included script contains local file I/O and text processing but no network calls, credential access, or obvious obfuscated code.
Assessment
This skill appears to be a local logging/utility tool and not malicious, but review a few points before installing or running it: 1) Metadata mismatches: SKILL.md lists runtime: python3 and a Requirement for bash 4+, while the included executable is a Bash script — the script is the real runtime. 2) Local file writes: the tool creates and appends logs under ~/.local/share/dockerlabs; exported files (json/csv/txt) will contain those entries. Avoid recording sensitive secrets into the logs, and inspect existing files if you are concerned. 3) No network/credential use was found, but you should still review scripts/script.sh yourself (or run it in a sandbox) before invoking. 4) The registry lists no homepage; the SKILL.md advertises BytesAgain and an email address — if provenance matters, verify the author (bytesagain.com) before trusting long-term use. 5) There is a minor bug risk (the JSON export uses a literal "\n]" append which may produce invalid JSON) — test exports if you rely on them. If you want higher assurance, run the tool in a disposable container or VM and inspect the created files and behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97b15r4ysjmt3ar7cz6vmjyrn8377g2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.