Trust Assessment
docker-essentials received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Broad Docker Command Execution Capability and Potential Data Exposure via Host Volume Mounts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Broad Docker Command Execution Capability | The skill provides extensive examples of `docker` and `docker-compose` commands, including `docker run`, `docker exec`, and `docker-compose exec`. These commands allow arbitrary code execution within containers, mounting of host directories, and management of system resources. While this is the intended functionality of a Docker skill, it grants a high level of privilege. An AI agent using this skill could be prompted to execute malicious commands or configurations, potentially leading to host compromise or data manipulation if not carefully controlled. The manifest explicitly requires the `docker` binary, confirming the intent for shell execution. | Implement strict input validation and sanitization for any user-provided arguments passed to Docker commands. Ensure the LLM is constrained from generating or accepting arbitrary commands for execution. Consider using an allow-list of specific, safe Docker commands or arguments where possible, or require explicit user confirmation for commands that modify the system or execute arbitrary code. | LLM | SKILL.md:30 |
| MEDIUM | Potential Data Exposure via Host Volume Mounts | The skill includes examples such as `docker run -v $(pwd):/app` and `docker run -v /host/path:/container/path`. These commands mount host directories into containers. If an untrusted or malicious container image is used, or if `$(pwd)` resolves to a sensitive directory, data from the host system could be exposed to the container and potentially exfiltrated. This creates a vector for data exfiltration. | Advise users to be cautious when mounting host directories, especially `$(pwd)` or sensitive paths, into containers from untrusted images. For automated execution, ensure that only trusted images are used and that mounted paths are restricted to non-sensitive data. Implement checks to prevent mounting of critical system directories. | LLM | SKILL.md:149 |