← Back to Skills Marketplace
3133
Downloads
0
Stars
12
Active Installs
1
Versions
Install in OpenClaw
/install docker-diag
Description
Advanced log analysis for Docker containers using signal extraction.
README (SKILL.md)
\r \r
Docker Pro Diagnostic\r
\r When a user asks "Why is my container failing?" or "Analyze the logs for [container]", follow these steps:\r \r
- Run Extraction: Call
python3 {{skillDir}}/log_processor.py \x3Ccontainer_name>.\r - Analyze: Feed the output (which contains errors and context) into your reasoning engine.\r
- Report: Summarize the root cause. If it looks like a code error, suggest a fix. If it looks like a resource error (OOM), suggest increasing Docker memory limits.\r \r
Example Command\r
python3 log_processor.py api_gateway_prod
Usage Guidance
This skill is coherent with its stated purpose but contains a concrete vulnerability and access risk. The Python script runs 'docker logs' by building a shell command with the container name, which allows shell injection if container names come from untrusted input. Before installing or enabling: (1) ask the author to fix the script to avoid shell=True and to pass args as a list or use the docker SDK (e.g., subprocess.run(['docker','logs','--tail',str(max_lines),container_name]) or docker-py), (2) review logs it will read because container logs can contain secrets, (3) only grant Docker access in a controlled environment (or run the skill in an isolated agent), and (4) avoid giving it autonomous invocation in high-risk contexts until the code is sanitized. If you are not able to confirm the fix, treat this skill as potentially unsafe and do not run it against production containers.
Capability Analysis
Type: OpenClaw Skill
Name: docker-diag
Version: 1.0.0
The `log_processor.py` script is vulnerable to command injection due to the use of `shell=True` with user-controlled input (`container_name`) in the `subprocess.run` call. This allows an attacker to execute arbitrary commands on the host system by crafting a malicious container name. While the skill's stated purpose is diagnostic, this severe vulnerability represents a high-risk capability that could be exploited for malicious execution.
Capability Assessment
Purpose & Capability
Name/description match what the files do: the SKILL.md instructs running a bundled Python script that calls 'docker logs' and analyzes output. Declaring python3 and docker as required bins is coherent.
Instruction Scope
SKILL.md restricts behavior to running log_processor.py and analyzing its output, which is within purpose. However the bundled script constructs a shell command with unescaped container_name and uses subprocess.run(..., shell=True), enabling shell injection if a malicious or malformed container name is provided. The instructions do not warn about sensitive data in logs or sanitization.
Install Mechanism
Instruction-only skill with a single included Python file and no install spec — low install risk. Nothing is downloaded from external URLs.
Credentials
The skill requests no environment variables or credentials, which is proportionate. It does require access to the Docker binary/daemon (implicitly) to read container logs; container logs can contain secrets or sensitive data, so granting Docker access to this skill is a substantive privilege that should be considered.
Persistence & Privilege
always:false and no persistent install behavior. Normal autonomous invocation is allowed (platform default) but not explicitly privileged by the skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install docker-diag - After installation, invoke the skill by name or use
/docker-diag - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Docker Pro Diagnostic:
- Provides advanced log analysis for Docker containers using signal extraction.
- Guides users to extract and analyze logs via a provided Python script.
- Summarizes probable root causes and suggests relevant fixes for code or resource errors.
- Offers clear instructions and example usage for troubleshooting failing containers.
Metadata
Frequently Asked Questions
What is Docker Diag?
Advanced log analysis for Docker containers using signal extraction. It is an AI Agent Skill for Claude Code / OpenClaw, with 3133 downloads so far.
How do I install Docker Diag?
Run "/install docker-diag" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Docker Diag free?
Yes, Docker Diag is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Docker Diag support?
Docker Diag is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Docker Diag?
It is built and maintained by mkrdiop (@mkrdiop); the current version is v1.0.0.
More Skills