ClawHub
Back to skill
v1.0.0

Docker Ctl

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

This is a narrow, read-only container inspection skill, with minor notes that it can read container logs/metadata and references a docker-ctl command that the artifacts do not install.

GuidanceInstall this only if you want the agent to inspect local Podman containers. Be careful with container logs and inspect output because they can contain sensitive operational data, and verify the `docker-ctl` command source before relying on it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
# View container logs
docker-ctl logs <container>

# Inspect a container
docker-ctl inspect <container>

The skill gives the agent commands to read local container logs and metadata. This is expected for the stated purpose, but such output may include sensitive runtime details or environment configuration.

User impactIf used on sensitive containers, the agent may display logs or inspect data that include secrets, internal hostnames, tokens, or operational details.
RecommendationUse it only for containers you are comfortable inspecting, and review log/inspect output before sharing it elsewhere.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
"requires": { "bins": ["podman"] },
"install": []
...
docker-ctl ps

The metadata requires podman and declares no install step, while the documented examples invoke `docker-ctl`. That command's source is not established by the supplied artifacts.

User impactThe documented command may fail, or could resolve to a separate local command not provided by this skill.
RecommendationConfirm what `docker-ctl` resolves to in your environment, or prefer explicit trusted podman commands for container inspection.