← Back to Skills Marketplace
charlie-morrison

Docker Compose Linter

by charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
87
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install docker-compose-linter
Description
Lint docker-compose.yml files for security, best practices, and port conflicts.
README (SKILL.md)

docker-compose-linter

A pure Python 3 (stdlib only) linter for docker-compose.yml files.

Commands

python3 scripts/docker-compose-linter.py \x3Ccommand> [options] FILE
Command Description
lint Lint a docker-compose.yml for issues
services List all services with their images/builds
ports List all port mappings, detect conflicts
audit Full audit (lint + services + ports summary)

Options

Option Description
--format text|json|markdown Output format (default: text)
--strict Exit 1 on any issue (not just errors)
--ignore RULE Ignore a specific rule (repeatable)
--min-severity error|warning|info Minimum severity to report (default: info)

Lint Rules

Rule Severity Description
no-version info Missing or outdated version: key
no-healthcheck warning Service without healthcheck defined
no-restart-policy warning Service without restart policy
privileged-mode error Service running in privileged mode
port-conflict error Multiple services mapping to same host port
host-network warning Using network_mode: host (security risk)
latest-tag warning Image using :latest tag or no tag
no-resource-limits info No memory/CPU limits (deploy.resources)
hardcoded-env warning Secrets/passwords directly in environment variables
root-user warning No user: specified (runs as root by default)
missing-depends-on info Service uses links but no depends_on
bind-mount-relative info Relative bind mount paths
no-logging info No logging configuration
duplicate-service error Duplicate service names

Examples

# Lint with default text output
python3 scripts/docker-compose-linter.py lint docker-compose.yml

# Only show errors and warnings
python3 scripts/docker-compose-linter.py --min-severity warning lint docker-compose.yml

# JSON output for CI pipelines
python3 scripts/docker-compose-linter.py --format json lint docker-compose.yml

# Full audit in markdown
python3 scripts/docker-compose-linter.py --format markdown audit docker-compose.yml

# Ignore specific rules
python3 scripts/docker-compose-linter.py --ignore root-user --ignore no-logging lint docker-compose.yml

# Strict mode: exit 1 on any issue
python3 scripts/docker-compose-linter.py --strict lint docker-compose.yml

Requirements

  • Python 3.7+
  • No external dependencies (pure stdlib)
Usage Guidance
This skill appears coherent for linting docker-compose.yml files: it runs a bundled Python script (pure stdlib) and does not ask for credentials. However: (1) the source/homepage is unknown — review the script yourself before running, especially on sensitive hosts; (2) the project uses a custom, indentation-based YAML parser (not a standard YAML library), which can produce false positives or mis-parse complex compose files — test on copies; (3) run it in a sandbox or CI runner with limited privileges if you plan to integrate it into automation; (4) STATUS.md shows a price, so confirm licensing or payment details out-of-band. If you want, I can scan the rest of the script (the file was truncated in the review) for any subprocess, network, or os.environ usage to raise confidence to high.
Capability Analysis
Type: OpenClaw Skill Name: docker-compose-linter Version: 1.0.0 The docker-compose-linter skill is a legitimate utility for auditing Docker Compose files for security risks and best practices. The Python script (scripts/docker-compose-linter.py) uses only the standard library, implements a custom YAML-like parser to avoid external dependencies, and performs local analysis without any network activity, file exfiltration, or code execution capabilities.
Capability Assessment
Purpose & Capability
Name/description (lint docker-compose.yml) match the included Python script and SKILL.md commands. The lint rules and features described align with the code patterns seen (image/tag checks, port conflicts, healthchecks, privileged, hardcoded secrets detection). No unrelated capabilities (cloud access, secret stores, or system administration beyond reading the compose file) are requested.
Instruction Scope
SKILL.md instructs the agent/user to run the local Python script against a FILE argument. The visible code parses the provided compose text and reports issues; there are no instructions to read arbitrary system files, call external endpoints, or exfiltrate data. The parser and rules operate on the input compose file only.
Install Mechanism
There is no install spec; this is instruction-only with an included script. That is low-risk compared with fetching and executing remote code. The script is pure Python stdlib according to SKILL.md and STATUS.md and the visible code confirms no external package imports.
Credentials
The skill declares no required environment variables or credentials and the shown code does not access environment variables or secrets. The linter contains patterns to detect hardcoded secrets inside compose files (regex-based), which is appropriate for its purpose.
Persistence & Privilege
The skill is not marked always:true and does not request persistent or privileged presence. It appears to be a local tool invoked on demand and does not modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install docker-compose-linter
  3. After installation, invoke the skill by name or use /docker-compose-linter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug docker-compose-linter
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Docker Compose Linter?

Lint docker-compose.yml files for security, best practices, and port conflicts. It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.

How do I install Docker Compose Linter?

Run "/install docker-compose-linter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Docker Compose Linter free?

Yes, Docker Compose Linter is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Docker Compose Linter support?

Docker Compose Linter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Docker Compose Linter?

It is built and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments