Docker Analyzer
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: docker-analyzer
Version: 1.0.0

The skill contains a shell-to-Python injection vulnerability in scripts/docker_analyzer.sh within the 'optimize' command. The shell variable '$image' is interpolated directly into a Python heredoc without sanitization, allowing arbitrary code execution if a crafted image name is provided. While the tool's functionality aligns with its stated purpose of Docker image analysis, this lack of input validation represents a significant security flaw.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent is tricked into running `optimize` with a malicious image argument, code could run on the user's machine with the agent's local permissions.
The `optimize` command inserts the image argument directly into generated Python source. A crafted argument containing quotes or Python syntax could break out of the string and execute Python code locally.
image="${1:-}"
...
python3 << PYEOF
import subprocess, json
image = "$image"

Pass the image argument to Python via `sys.argv` or an environment variable using a quoted heredoc (`<< 'PYEOF'`, so the shell does not expand `$image` into the source), and validate Docker image names before use.
Container names, image names, build history, and other Docker metadata may be exposed in the agent's or the user's output.
The skill uses the Docker CLI to enumerate local containers and images. This is expected for a Docker analyzer, but it means the agent can view local Docker inventory when invoked.
subprocess.check_output(["docker", "ps", "-a", "--format", "{{json .}}"])

Use it only in Docker environments where this metadata is acceptable to inspect, and be cautious with images whose build history may contain secrets.
The skill may not run as expected unless the user already has the needed tools and command wiring available.
The included script requires Bash, Python, and Docker, but the registry metadata does not declare those runtime dependencies or an install mechanism for the `docker-analyzer` command.
Required binaries (all must exist): none
...
Install specifications: No install spec — this is an instruction-only skill.
Declare required binaries and document how `scripts/docker_analyzer.sh` is installed or invoked as `docker-analyzer`.
Anyone allowing the agent to run this skill is allowing it to inspect Docker resources available to the current user.
The skill uses the user's existing Docker daemon privileges to inspect local Docker objects. This is purpose-aligned, and the artifacts do not show credential theft or destructive Docker actions.
docker inspect "$image"
...
docker history --no-trunc "$image"
...
docker system df
Run it with the least-privileged Docker access practical and review outputs before sharing them externally.
