Trust Assessment
arcane-docker-manager received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Arbitrary command execution via API endpoint", and "Broad administrative access to Docker environment".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution via API endpoint.** The skill exposes an API endpoint (`POST /containers/{id}/exec`) that allows executing arbitrary commands inside a running Docker container. If the AI agent is prompted to use this endpoint with user-controlled input for the `command` field, it can lead to severe command injection, allowing an attacker to run any command within the target container, potentially leading to data exfiltration, privilege escalation, or system compromise. Implement strict input validation and sanitization for any user-provided commands passed to the `/containers/{id}/exec` endpoint. Consider restricting this functionality or requiring explicit human approval for execution of arbitrary commands. Ensure the agent's logic prevents direct user input from being passed to this field without validation. | LLM | SKILL.md:99 |
| CRITICAL | **Broad administrative access to Docker environment.** The skill provides comprehensive administrative capabilities over a Docker environment, including managing containers, images, networks, volumes, Docker Compose stacks, user accounts, and API keys. This level of access, if compromised, could allow an attacker to take full control of the Docker host, deploy malicious containers, exfiltrate data, or disrupt services. The default `http://localhost:3552/api` base URL further highlights the potential for local system compromise. Review the necessity of such broad permissions for the AI agent. Implement a principle of least privilege, granting only the minimum required API access. Consider breaking down the skill into smaller, more granular skills with limited scopes. Ensure robust authentication and authorization mechanisms are in place for the Arcane API itself. | LLM | SKILL.md:3 |
| HIGH | **Potential for sensitive data exfiltration via API endpoints.** The skill exposes multiple API endpoints that can be used to retrieve highly sensitive information. Specifically, `/containers/{id}/logs` and `/stacks/{id}/logs` can expose application logs, `/system/events` can reveal operational data, `/users` can list user details, and `/apikeys` can list authentication credentials. If an attacker gains control of the agent, they could leverage these endpoints to exfiltrate sensitive application data, system logs, or authentication credentials. Implement strict access controls and data masking where possible for sensitive API responses. Ensure the AI agent's internal logic prevents it from inadvertently exposing or transmitting data retrieved from these sensitive endpoints. Consider adding human-in-the-loop approval for requests to highly sensitive endpoints like `/apikeys` or `/users`. | LLM | SKILL.md:340 |
| MEDIUM | **Missing required field: name.** The `name` field is required for claude_code skills but is missing from the frontmatter. Add a `name` field to the SKILL.md frontmatter. | Static | skills/cougz/arcane-docker-manager/SKILL.md:1 |