← Back to Skills Marketplace
Docker Analyzer
by
bytesagain4
· GitHub ↗
· v1.0.0
· MIT-0
273
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install docker-analyzer
Description
A tool for exploring each layer in a docker image Based on wagoodman/dive (53,557+ GitHub stars). docker analyzer, go, cli, docker, docker-image, explorer, i...
README (SKILL.md)
Docker Analyzer
A tool for exploring each layer in a docker image
Inspired by wagoodman/dive (53,557+ GitHub stars).
Commands
help- Helprun- Runinfo- Infostatus- Status
Features
- Core functionality from wagoodman/dive
Usage
Run any command: docker-analyzer \x3Ccommand> [args]
Disclaimer: This skill is an independent, original implementation. It is not affiliated with, endorsed by, or derived from the referenced open-source project. No code was copied. The reference is for context only.
Powered by BytesAgain | bytesagain.com | [email protected]
Usage Guidance
This skill appears to do what it claims: local inspection and simple optimization suggestions for Docker images. Before installing: (1) confirm you are comfortable granting the agent access to the Docker daemon (it will run docker commands and can read image/container metadata and compose files); (2) review the small script (scripts/docker_analyzer.sh) yourself — it is short and readable — to ensure no changes or hidden endpoints; (3) if you plan to run it in a sensitive environment (CI, production hosts with privileged sockets), prefer running it in an isolated environment or as a user without broad Docker privileges; (4) note the metadata omission (required binaries not declared) — expect to have docker and python3 available for the skill to work. If you want higher assurance, request the upstream source or a reproducible build provenance for the implementation.
Capability Analysis
Type: OpenClaw Skill
Name: docker-analyzer
Version: 1.0.0
The skill contains a shell-to-python injection vulnerability in scripts/docker_analyzer.sh within the 'optimize' command. The shell variable '$image' is directly interpolated into a Python heredoc without sanitization, allowing for arbitrary code execution if a crafted image name is provided. While the tool's functionality aligns with its stated purpose of Docker image analysis, this lack of input validation represents a significant security flaw.
Capability Assessment
Purpose & Capability
The name/description (Docker image layer explorer) align with the code: the script runs docker commands to inspect images, history, layers, sizes, and compose files. However, the skill metadata declares no required binaries while the script clearly requires docker and python3 to function — this is a mismatch in declared requirements (likely an oversight) but not malicious.
Instruction Scope
SKILL.md and the included script limit actions to local Docker operations: docker images/ps/inspect/history/system df/compose and optional reading of a docker-compose.yml file. The instructions do not attempt to read unrelated system files, export secrets, or call external network endpoints. Output is printed to stdout; no hidden exfiltration or remote endpoints are present.
Install Mechanism
There is no install spec (instruction-only) and the packaged script is a local bash file that calls python3 — no remote downloads or archive extraction are used. Note: SKILL.md declares runtime: python3 while the shipped entrypoint is a bash script that embeds python snippets; this is a minor inconsistency but not an install risk.
Credentials
The skill requests no environment variables or credentials. It does, however, require access to the Docker daemon (via the docker CLI / unix socket), which implicitly requires that the agent/user has permission to use Docker. That access allows reading image/container metadata and any exposed container information — expected for this tool, but higher-privilege than a pure local utility without daemon access.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configuration, and has no install-time persistence mechanisms. Autonomous invocation is allowed (platform default) but the skill itself has no special persistence or privileged system changes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install docker-analyzer - After installation, invoke the skill by name or use
/docker-analyzer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Docker Analyzer?
A tool for exploring each layer in a docker image Based on wagoodman/dive (53,557+ GitHub stars). docker analyzer, go, cli, docker, docker-image, explorer, i... It is an AI Agent Skill for Claude Code / OpenClaw, with 273 downloads so far.
How do I install Docker Analyzer?
Run "/install docker-analyzer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Docker Analyzer free?
Yes, Docker Analyzer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Docker Analyzer support?
Docker Analyzer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Docker Analyzer?
It is built and maintained by bytesagain4 (@xueyetianya); the current version is v1.0.0.
More Skills