docker-ci-release-pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Docker CI/CD helper that generates container build, test, scan, and publish workflow artifacts, but users should review registry-publishing settings before enabling them.

Before installing or using this skill, treat generated workflow files as release infrastructure: verify publish branches and tags, registry destination, image visibility, workflow permissions, and secret usage before merging or running them. Prefer requiring explicit confirmation before enabling push-to-registry steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium, 91% confidence
The trigger phrases shown in the README are very broad generic terms like “Docker构建”, “镜像发布”, and “CI/CD”. In an agent environment, such vague triggers can cause accidental invocation during ordinary discussion, leading the skill to generate or suggest repository-affecting pipeline and release artifacts when the user did not explicitly intend to perform release-oriented actions.

Missing User Warnings

Medium, 94% confidence
The README describes producing Dockerfiles, compose files, GitHub Actions workflows, and image publication flows, but does not warn that these outputs can change repository automation and push images to registries. In this context, the skill operates on CI/CD and release infrastructure, so missing safety guidance increases the chance of users applying generated artifacts that expose secrets, alter build provenance, or publish vulnerable or unintended images.

Vague Triggers

Medium, 93% confidence
The trigger phrase includes the very broad term "CI/CD", which can cause the skill to activate in contexts far beyond Docker image publishing. In a skill that can generate workflows and publish artifacts to remote registries, overbroad activation increases the chance of accidental invocation and unintended release-related actions.

Missing User Warnings

Medium, 90% confidence
The skill description emphasizes automation of build, scan, and publish actions but does not clearly warn users that it can produce workflows that push Docker images to a remote registry. In practice, this reduces informed consent and can lead users to adopt automation that performs external publication or release actions they did not fully intend.

Vague Triggers

Medium, 94% confidence
The trigger phrase "GitHub Actions" is very broad and can activate this skill for many unrelated CI/CD questions, causing the agent to inject release-pipeline behavior outside the user's actual intent. In a skill that generates build, test, scan, and image-publish workflows, over-broad activation increases the chance of unintended workflow generation or repository-oriented actions in the wrong context.

Vague Triggers

Medium, 92% confidence
The trigger set includes ambiguous phrases like "Docker构建", "镜像发布", and "CI/CD", which are common terms spanning many benign or unrelated requests. Because this skill can produce end-to-end release automation and interact with GitHub workflow results, ambiguous matching can cause over-selection and execution in situations where the user did not request pipeline creation or release assistance.

VirusTotal

65/65 vendors flagged this skill as clean.