← 返回 Skills 市场
Docker Analyzer
作者
bytesagain4
· GitHub ↗
· v1.0.0
· MIT-0
273
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install docker-analyzer
功能描述
A tool for exploring each layer in a docker image Based on wagoodman/dive (53,557+ GitHub stars). docker analyzer, go, cli, docker, docker-image, explorer, i...
使用说明 (SKILL.md)
Docker Analyzer
A tool for exploring each layer in a docker image
Inspired by wagoodman/dive (53,557+ GitHub stars).
Commands
help- Helprun- Runinfo- Infostatus- Status
Features
- Core functionality from wagoodman/dive
Usage
Run any command: docker-analyzer \x3Ccommand> [args]
Disclaimer: This skill is an independent, original implementation. It is not affiliated with, endorsed by, or derived from the referenced open-source project. No code was copied. The reference is for context only.
Powered by BytesAgain | bytesagain.com | [email protected]
安全使用建议
This skill appears to do what it claims: local inspection and simple optimization suggestions for Docker images. Before installing: (1) confirm you are comfortable granting the agent access to the Docker daemon (it will run docker commands and can read image/container metadata and compose files); (2) review the small script (scripts/docker_analyzer.sh) yourself — it is short and readable — to ensure no changes or hidden endpoints; (3) if you plan to run it in a sensitive environment (CI, production hosts with privileged sockets), prefer running it in an isolated environment or as a user without broad Docker privileges; (4) note the metadata omission (required binaries not declared) — expect to have docker and python3 available for the skill to work. If you want higher assurance, request the upstream source or a reproducible build provenance for the implementation.
功能分析
Type: OpenClaw Skill
Name: docker-analyzer
Version: 1.0.0
The skill contains a shell-to-python injection vulnerability in scripts/docker_analyzer.sh within the 'optimize' command. The shell variable '$image' is directly interpolated into a Python heredoc without sanitization, allowing for arbitrary code execution if a crafted image name is provided. While the tool's functionality aligns with its stated purpose of Docker image analysis, this lack of input validation represents a significant security flaw.
能力评估
Purpose & Capability
The name/description (Docker image layer explorer) align with the code: the script runs docker commands to inspect images, history, layers, sizes, and compose files. However, the skill metadata declares no required binaries while the script clearly requires docker and python3 to function — this is a mismatch in declared requirements (likely an oversight) but not malicious.
Instruction Scope
SKILL.md and the included script limit actions to local Docker operations: docker images/ps/inspect/history/system df/compose and optional reading of a docker-compose.yml file. The instructions do not attempt to read unrelated system files, export secrets, or call external network endpoints. Output is printed to stdout; no hidden exfiltration or remote endpoints are present.
Install Mechanism
There is no install spec (instruction-only) and the packaged script is a local bash file that calls python3 — no remote downloads or archive extraction are used. Note: SKILL.md declares runtime: python3 while the shipped entrypoint is a bash script that embeds python snippets; this is a minor inconsistency but not an install risk.
Credentials
The skill requests no environment variables or credentials. It does, however, require access to the Docker daemon (via the docker CLI / unix socket), which implicitly requires that the agent/user has permission to use Docker. That access allows reading image/container metadata and any exposed container information — expected for this tool, but higher-privilege than a pure local utility without daemon access.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configuration, and has no install-time persistence mechanisms. Autonomous invocation is allowed (platform default) but the skill itself has no special persistence or privileged system changes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install docker-analyzer - 安装完成后,直接呼叫该 Skill 的名称或使用
/docker-analyzer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Docker Analyzer 是什么?
A tool for exploring each layer in a docker image Based on wagoodman/dive (53,557+ GitHub stars). docker analyzer, go, cli, docker, docker-image, explorer, i... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 273 次。
如何安装 Docker Analyzer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install docker-analyzer」即可一键安装,无需额外配置。
Docker Analyzer 是免费的吗?
是的,Docker Analyzer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Docker Analyzer 支持哪些平台?
Docker Analyzer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Docker Analyzer?
由 bytesagain4(@xueyetianya)开发并维护,当前版本 v1.0.0。
推荐 Skills