← 返回 Skills 市场

Container Update Advisor

Name: Container Update Advisor
Author: newageinvestments25-byte

作者 New Age Investments · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

120

总下载

当前安装

版本数

在 OpenClaw 中安装

/install container-update-advisor

功能描述

Check running Docker containers for newer image versions and generate a prioritized update report. Fetches release notes and flags breaking changes vs safe u...

使用说明 (SKILL.md)

Container Update Advisor

Check all running Docker containers against Docker Hub for newer versions, fetch changelogs, and output a prioritized markdown report with risk flags.

Scripts

All scripts live in scripts/ relative to this file. Run from that directory.

Script	Purpose
`scan_containers.py`	List running containers + image tags (outputs JSON)
`check_updates.py`	Query Docker Hub for newer versions (stdin/file → JSON)
`fetch_changelog.py`	Fetch GitHub release notes for updated images (stdin/file → JSON)
`format_report.py`	Render prioritized markdown report (stdin/file → stdout)

Full Pipeline

python3 scan_containers.py \
  | python3 check_updates.py \
  | python3 fetch_changelog.py \
  | python3 format_report.py

To save intermediate output for debugging, pass each script's output as a file argument to the next:

python3 scan_containers.py > /tmp/c.json
python3 check_updates.py /tmp/c.json > /tmp/u.json
python3 fetch_changelog.py /tmp/u.json > /tmp/ch.json
python3 format_report.py /tmp/ch.json

Risk Assessment Logic

Major version bump → 🔴 review first
Minor version bump → 🔴 review first (may have API changes)
Changelog mentions "breaking" → 🔴 review first
Patch bump only, no breaking keywords → 🟢 safe to update

What Gets Skipped

Containers using latest tag (no version to compare)
Digest-pinned images (sha256:... tags)
Non-Docker Hub registries (GHCR, ECR, etc.)
Private images (401/403 → skipped gracefully)
Non-semver tags (e.g. alpine, focal, slim)

GitHub Token (Optional)

Set GITHUB_TOKEN env var to increase GitHub API from 60 → 5,000 req/hr:

export GITHUB_TOKEN=ghp_yourtoken

Reference

See references/setup-guide.md for scheduling, rate limits, and how image matching works.

安全使用建议

This skill appears to do what it claims. Before installing or running: 1) Review the scripts locally (they are included) if you want to confirm behavior. 2) Understand it requires access to the Docker CLI/daemon (it runs 'docker ps' and 'docker info'), so it will list your running containers — treat this as sensitive metadata. 3) The tool will make outbound requests to Docker Hub and GitHub using image names and inferred repo URLs; private/internal image names may be revealed to those services if images are hosted there. 4) Only provide a GITHUB_TOKEN if you accept using that token to authenticate calls to api.github.com (no scopes are required for public repo reads, but treat tokens as secrets). 5) If you run this on a machine with sensitive or internal-only images, consider running it in a controlled environment or auditing the behavior first by running the scripts with saved intermediate JSON files to inspect what would be sent externally.

功能分析

Type: OpenClaw Skill Name: container-update-advisor Version: 1.0.0 The container-update-advisor skill bundle is a legitimate tool for auditing Docker container versions. It uses standard system calls (docker ps) and public APIs (Docker Hub, GitHub) to identify outdated images and fetch release notes. The code follows security best practices, such as using subprocess with argument lists to prevent shell injection and implementing rate-limiting to avoid API abuse. No evidence of data exfiltration, malicious persistence, or prompt injection was found across the scripts (scan_containers.py, check_updates.py, fetch_changelog.py, format_report.py) or documentation.

能力评估

✓ Purpose & Capability

Name/description match the included scripts: scanning local Docker containers, checking Docker Hub tags, fetching GitHub release notes, and formatting a report. No unrelated credentials, binaries, or installers are requested.

ℹ Instruction Scope

SKILL.md explicitly instructs running the four scripts in pipeline. The scripts run the 'docker' CLI to list containers and make outbound requests to Docker Hub and GitHub APIs (expected). Note: container image names, namespaces, and tags are sent to Docker Hub/GitHub as part of the checks — this is necessary for the feature but is network-exfiltration of container metadata by design.

✓ Install Mechanism

Instruction-only skill with bundled Python scripts; there is no install spec and nothing is downloaded from remote URLs. No archives or external install operations are performed.

✓ Credentials

No required env vars. One optional env var (GITHUB_TOKEN) is documented and used only to increase GitHub API rate limits. No other secrets or unrelated credentials are requested.

✓ Persistence & Privilege

Skill is not always-enabled and does not request elevated persistent privileges or modify other skills or system configuration. It runs on-demand and only executes local docker CLI commands and outbound API calls.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install container-update-advisor
安装完成后，直接呼叫该 Skill 的名称或使用 /container-update-advisor 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: Check Docker containers for newer image versions, fetch changelogs, flag breaking changes vs safe updates.

元数据

Slug container-update-advisor

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题