Security Audit
ailabs-393/ai-labs-claude-skills:dist/skills/docker-containerization
github.com/ailabs-393/ai-labs-claude-skills

Trust Assessment
ailabs-393/ai-labs-claude-skills:dist/skills/docker-containerization received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 1 high, 2 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Sensitive path access: Environment file", and "Command Injection via `eval` in docker-build.sh".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on March 14, 2026 (commit 1a12bc7a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **File read + network send exfiltration** (.env file access). Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | dist/skills/docker-containerization/SKILL.md:49 |
| CRITICAL | **File read + network send exfiltration** (.env file access). Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | dist/skills/docker-containerization/scripts/docker-run.sh:45 |
| CRITICAL | **Command Injection via `eval` in docker-build.sh.** The `scripts/docker-build.sh` script constructs a `DOCKER_CMD` string using various user-controlled inputs (e.g., image name, tag, platform, build arguments) and then executes it using `eval`. This allows a malicious user to inject arbitrary shell commands by providing specially crafted input to options like `-n`, `-t`, `--platform`, or `-b`. For example, an input like `-n 'my-app; rm -rf /'` would execute `rm -rf /` on the host system. Avoid using `eval` with user-controlled input. Instead, construct the `docker build` command as an array and execute it directly, or carefully sanitize all user inputs to prevent shell metacharacters from being interpreted. For example, use `docker build "$IMAGE_NAME:$TAG" ...` directly without `eval`. | LLM | scripts/docker-build.sh:105 |
| CRITICAL | **Command Injection via `eval` in docker-run.sh.** The `scripts/docker-run.sh` script constructs a `DOCKER_CMD` string using various user-controlled inputs (e.g., container name, image name, tag, port mappings, volume mounts, network, restart policy) and then executes it using `eval`. This allows a malicious user to inject arbitrary shell commands by providing specially crafted input to options like `-n`, `-i`, `-t`, `-p`, `-v`, `--network`, or `--restart`. For example, an input like `-n 'my-container; rm -rf /'` would execute `rm -rf /` on the host system. The volume mount option (`-v`) is particularly dangerous as it can be used to mount sensitive host directories and then inject commands. Avoid using `eval` with user-controlled input. Instead, construct the `docker run` command as an array and execute it directly, or carefully sanitize all user inputs to prevent shell metacharacters from being interpreted. For example, use `docker run --name "$CONTAINER_NAME" ...` directly without `eval`. | LLM | scripts/docker-run.sh:140 |
| HIGH | **Excessive Permissions via Arbitrary Volume Mounts in docker-run.sh.** The `scripts/docker-run.sh` script allows users to specify arbitrary volume mounts via the `-v` or `--volume` option. If a malicious user can control this input, they could mount sensitive host directories (e.g., `/`, `/etc`, `/root`) into the running container. This could lead to data exfiltration from the host system, or privilege escalation if the container is run with elevated privileges or a vulnerable application that can access the mounted host files. Restrict the allowed paths for volume mounts. Instead of allowing arbitrary paths, define a whitelist of safe directories that can be mounted, or implement a mechanism to ensure that only intended and non-sensitive host paths are exposed. If arbitrary mounts are necessary, ensure the container runs with the least possible privileges and that the application within the container is hardened against file system access vulnerabilities. | LLM | scripts/docker-run.sh:84 |
| MEDIUM | **Sensitive path access: Environment file.** Access to Environment file path detected: '.env.production'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | dist/skills/docker-containerization/SKILL.md:49 |
| MEDIUM | **Sensitive path access: Environment file.** Access to Environment file path detected: '.env.production'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | dist/skills/docker-containerization/scripts/docker-run.sh:45 |