Docker Pilot

Security checks across malware telemetry and agentic risk

Overview

This Docker management skill is mostly coherent, but its first-run instructions can make broad persistent changes to all running containers and the host without enough per-action scoping.

Review before installing if you only need Dockerfile advice or read-only Docker help. If installed, require the agent to list affected containers and get explicit approval before package installs, restart-policy changes, cleanup, daemon.json edits, volume removal, Compose down actions, or monitoring jobs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill declares itself the default for essentially any Docker-related task, which can cause over-broad activation in contexts that include risky lifecycle or destructive operations. In an agent setting, expansive auto-selection increases the chance the model applies powerful Docker instructions without sufficient task scoping or user intent validation.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The first-run setup recommends bulk-changing restart policies for all running containers without requiring impact review or confirmation. That can alter service behavior after crashes or reboots, unexpectedly resurrect intentionally stopped workloads, and create persistent operational changes across the host.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal