Security Audit

docker-essentials

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

docker-essentials received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Broad Host System Access and Potential Data Exposure via Docker Commands.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Broad Host System Access and Potential Data Exposure via Docker Commands The skill provides and implicitly encourages the use of a wide range of Docker commands that grant extensive control over the host system. This includes commands for arbitrary filesystem access (`docker run -v`, e.g., `$(pwd)` exposing the agent's current working directory), process execution within containers (`docker exec`), and system-wide resource management (`docker system prune --volumes`, `docker rm -f`). The skill's manifest explicitly requires the `docker` binary, which typically operates with elevated privileges. If the agent's working directory contains sensitive information, or if these powerful commands are misused or provided with malicious input, it could lead to data exfiltration, unauthorized access, or significant host system compromise and data loss. Implement strict input validation and sanitization for any user-provided arguments to Docker commands. Restrict the agent's execution environment to minimize exposure of sensitive host directories. Consider using Docker's security features (e.g., user namespaces, seccomp profiles) or running the Docker daemon in a highly isolated environment. Limit the scope of Docker commands exposed by the skill to only those strictly necessary for its intended, safe operation.	LLM	SKILL.md:195

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/816e6af711a817a5.svg)](https://skillshield.io/report/816e6af711a817a5)