When to Use

Name: docker
Author: ivangdavila

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

40Medium

The skill introduces a supply chain risk by suggesting

ThreatsCI SM CS BC S HITL

Behavior Analysis

Mismatch detected — The skill's stated purpose implies it will 'apply' Docker guidance or be used 'when the task involves Docker' in an active capacity. However, the actual content is purely informational and advisory, acting as a reference guide rather than an automation or execution tool.

Claims to do

When to Use: Use when the task involves Docker, Dockerfiles, container builds, Compose, image publishing, networking, volumes, logs, debugging, or production container operations. This skill is stateless and should be applied directly whenever Docker work appears.

Actually does

This skill provides extensive textual guidance, best practices, and common pitfalls related to Docker, Dockerfiles, Docker Compose, networking, volumes, and security. It describes various `docker` CLI commands and concepts but does not execute any commands or interact with the Docker daemon itself.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoning1 finding

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameivangdavila/docker

Registryclawhub

Version1.0.4

PURLpkg:clawhub/ivangdavila/docker@1.0.4

Stars21

Downloads10,516

Installs149

Source

Repository ↗

SHA-256463cbf009dd9...

SHA-10766d2817d70...

MD5546080803bed...

TLSH0da1b449efa9...

ssdeep96:QCI6vndL4...

Size4,803 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/ivangdavila/docker

10,516 downloads149 installs

ClawHubDocs

openclaw skills install ivangdavila/docker

Assessments (2)

AI Agent Traps ↗

Description Mismatchmediumdescription mismatch

The skill's stated purpose implies it will 'apply' Docker guidance or be used 'when the task involves Docker' in an active capacity. However, the actual content is purely informational and advisory, acting as a reference guide rather than an automation or execution tool.

85% confidence

Stated purpose: 'the agent needs Docker guidance and should apply it by default.' Actual content: A collection of descriptive rules, traps, and debugging tips, with no executable code or command sequences for the skill to run.

Potential Supply Chain Risk via Related Skillsinfosupply chain

The skill suggests installing related skills ('devops', 'linux', 'server') via 'clawhub install'. This mechanism introduces a supply chain risk if any of the suggested skills are compromised or malicious.

80% confidenceline 103

Install with clawhub install <slug> if user confirms: - devops - linux - server

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/docker.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/docker)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/docker"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/docker.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/docker.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow