Security Audit
ailabs-393/ai-labs-claude-skills:packages/skills/docker-containerization
github.com/ailabs-393/ai-labs-claude-skills
Trust Assessment
ailabs-393/ai-labs-claude-skills:packages/skills/docker-containerization received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 4 critical, 1 high, 2 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: Environment file, Command Injection via unsanitized build arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 11/100, indicating areas for improvement.
Last analyzed on March 14, 2026 (commit 1a12bc7a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Details | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration | `.env` file access | Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | packages/skills/docker-containerization/SKILL.md:49 |
| CRITICAL | File read + network send exfiltration | `.env` file access | Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | packages/skills/docker-containerization/scripts/docker-run.sh:45 |
| CRITICAL | Command Injection via unsanitized build arguments | The `scripts/docker-build.sh` script uses `eval` to execute a `docker build` command. The `BUILD_ARGS` variable, built directly from user-provided input (`-b` or `--build-arg` options), is concatenated into the command string without quoting or sanitization. An attacker can inject arbitrary shell commands by supplying a malicious string as a build argument; `eval` re-parses and executes it. | Avoid using `eval` with user-controlled input. Construct the command as an array and execute it directly (or via `exec`) with proper quoting. For `docker build`, pass every user-derived value as a separate argument to `docker build` rather than concatenating it into a single string for `eval`. | Static | scripts/docker-build.sh:90 |
| CRITICAL | Command Injection via unsanitized volume mounts | The `scripts/docker-run.sh` script uses `eval` to execute a `docker run` command. The `VOLUMES` variable, built directly from user-provided input (`-v` or `--volume` options), is concatenated into the command string without quoting or sanitization. An attacker can inject arbitrary shell commands by supplying a malicious string as a volume mount specification; `eval` re-parses and executes it. | Avoid using `eval` with user-controlled input. Construct the command as an array and execute it directly (or via `exec`) with proper quoting. For `docker run`, pass every user-derived value as a separate argument to `docker run` rather than concatenating it into a single string for `eval`. | Static | scripts/docker-run.sh:109 |
| HIGH | Data Exfiltration via `--env-file` option | The `scripts/docker-run.sh` script lets users specify an environment file via the `-e` or `--env-file` option. If an attacker supplies a path to a sensitive host file (e.g. `/etc/passwd`, `.env`), the script includes `--env-file /path/to/sensitive/file` in the `docker run` command, so Docker reads that host file and exposes its contents as environment variables inside the running container, moving host data into the container. | Implement strict validation of the `--env-file` path: allow only files within a designated, non-sensitive directory, or disallow arbitrary paths altogether, and reject path traversal. Alternatively, if the intent is to pass specific variables, use individual `--env` flags with validated key-value pairs instead of a whole file. | Static | scripts/docker-run.sh:80 |
| MEDIUM | Sensitive path access: Environment file | Access to environment-file path `.env.production` detected. This may indicate credential theft. | Verify that access to this sensitive path is justified and declared. | Static | packages/skills/docker-containerization/SKILL.md:49 |
| MEDIUM | Sensitive path access: Environment file | Access to environment-file path `.env.production` detected. This may indicate credential theft. | Verify that access to this sensitive path is justified and declared. | Static | packages/skills/docker-containerization/scripts/docker-run.sh:45 |
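The two CRITICAL command-injection findings and the HIGH `--env-file` finding share one root cause: user input is re-parsed by the shell instead of being passed to Docker as discrete arguments. The script below is an added illustration, not code from the audited repository: it reconstructs the `eval`-based pattern the report describes in a hypothetical `unsafe_build` function, then shows the array-based hardening for build arguments and volume mounts plus an allow-listed `--env-file` path check. The function names, the `ENV_DIR` variable, the narrow volume-spec allowlist and the `docker` stub (a function that just echoes its argv so the script runs offline) are all assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not the project's own scripts). Offline demonstration of
# the eval injection the report describes, beside an array-based fix.
set -u

# Allow-listed directory for --env-file arguments (assumption for the example).
ENV_DIR=${ENV_DIR:-./env}

# Constructed stand-in for the docker CLI: prints each argv entry on its own
# line so we can see exactly what docker would have received.
docker() { printf '%s\n' "$@"; }

# Vulnerable pattern (hypothetical reconstruction): user-supplied build args
# are concatenated into a string that eval re-parses, so an argument like
# 'X=1; echo INJECTED' executes "echo INJECTED" instead of passing it on.
unsafe_build() {
  local tag="$1"; shift
  local build_args="" a
  for a in "$@"; do build_args="$build_args --build-arg $a"; done
  eval "docker build $build_args -t $tag ."
}

# Hardened form: accumulate argv in an array and run it directly. The shell
# never re-parses the value, so it reaches docker as a single argument.
safe_build() {
  local tag="$1"; shift
  local a
  local -a cmd=(docker build)
  for a in "$@"; do
    # Accept only KEY=VALUE with an identifier-shaped key.
    [[ "$a" =~ ^[A-Za-z_][A-Za-z0-9_]*=.*$ ]] || { echo "rejected build arg: $a" >&2; return 2; }
    cmd+=(--build-arg "$a")
  done
  cmd+=(-t "$tag" .)
  "${cmd[@]}"
}

# --env-file hardening: resolve both paths physically (cd + pwd -P, so
# symlinked directories and ".." are collapsed) and require a regular,
# non-symlink file located directly inside the allow-listed directory.
# Prints the resolved path on success; returns 2 otherwise.
safe_env_file() {
  local allowed="$1" requested="$2" base dir
  allowed=$(cd "$allowed" 2>/dev/null && pwd -P) || return 2
  base=$(basename "$requested")
  dir=$(cd "$(dirname "$requested")" 2>/dev/null && pwd -P) || return 2
  [ "$dir" = "$allowed" ] || { echo "env file outside $allowed: $requested" >&2; return 2; }
  [ -f "$dir/$base" ] && [ ! -L "$dir/$base" ] || { echo "not a regular file: $requested" >&2; return 2; }
  printf '%s\n' "$dir/$base"
}

# docker run with validated volumes and env file. Volume specs must match a
# deliberately narrow allowlist: absolute host path, absolute container path,
# optional :ro/:rw. Widen it explicitly if more mount options are needed.
safe_run() {
  local image="$1" env_file="$2"; shift 2
  local -a cmd=(docker run --rm)
  local resolved v
  local re='^/[A-Za-z0-9_./-]+:/[A-Za-z0-9_./-]+(:(ro|rw))?$'
  if [ -n "$env_file" ]; then
    resolved=$(safe_env_file "$ENV_DIR" "$env_file") || return 2
    cmd+=(--env-file "$resolved")
  fi
  for v in "$@"; do
    [[ "$v" =~ $re ]] || { echo "rejected volume: $v" >&2; return 2; }
    cmd+=(-v "$v")
  done
  cmd+=("$image")
  "${cmd[@]}"
}

# Usage demo: ./example.sh --demo
if [ "${1:-}" = "--demo" ]; then
  echo "== unsafe_build (injected command runs):"; unsafe_build myimg 'X=1; echo INJECTED'
  echo "== safe_build (same input, passed as one argv entry):"; safe_build myimg 'X=1; echo INJECTED'
  echo "== safe_run rejects a metacharacter in a volume spec:"; safe_run alpine "" '/srv/data:/data; rm -rf /' || true
fi
```

With the stub in place, `unsafe_build myimg 'X=1; echo INJECTED'` prints `INJECTED` on its own, proving the second command ran; `safe_build` with the same input prints the whole string `X=1; echo INJECTED` as the third argv entry, which is exactly what a real `docker build` would receive as the value of `--build-arg`. Replace the stub with the real binary by deleting the `docker()` function.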
Full report: https://skillshield.io/report/6f5d2f762753f6f9
Powered by SkillShield