ClawHub
Back to skill
v1.0.0

Docker Pilot

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:21 PM.

Analysis

Docker Pilot is a coherent instruction-only Docker management skill with clear safety gates, but users should remember it can guide high-impact Docker operations.

GuidanceThis appears to be a purpose-aligned Docker operations guide rather than a malicious package. Before installing, be comfortable with an agent helping inspect and manage Docker resources, and do not approve destructive Docker commands unless you understand the affected containers, images, networks, and volumes.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusNote
SKILL.md
docker rm CONTAINER ... docker rmi IMAGE ... docker volume rm VOLUME ... docker system prune --volumes ... docker compose down -v

The skill documents Docker commands that can stop services, remove containers/images, and delete volumes. This is expected for a Docker operations skill, and the same section requires explicit confirmation before destructive actions.

User impactIf used carelessly, the agent could guide actions that cause service downtime or data loss, though the artifact includes confirmation gates.
RecommendationReview the listed impact before approving any stop, remove, prune, or compose-down command, especially when volumes are involved.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceMediumStatusNote
SKILL.md
Install both for full coverage: - `clawhub install docker` ... - `clawhub install docker-pilot`

The documentation recommends installing a separate companion skill. This is disclosed and purpose-aligned, but the companion skill is outside the provided artifact set.

User impactInstalling the companion skill would add additional instructions or capabilities not reviewed here.
RecommendationReview the companion Docker skill separately before installing it.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
_meta.json
"requires": { "bins": ["docker"] }

The skill requires access to the local Docker CLI. Docker access is powerful because it can manage containers, images, volumes, and networks under the user's Docker permissions.

User impactThe skill can operate with whatever Docker authority the current user has, which may affect important local or server workloads.
RecommendationUse it only on Docker environments where you intend the agent to inspect and manage resources, and keep confirmation requirements for disruptive actions.