← 返回 Skills 市场

Docker Compose Linter

Name: Docker Compose Linter
Author: charlie-morrison

作者 charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install docker-compose-linter

功能描述

Lint docker-compose.yml files for security, best practices, and port conflicts.

使用说明 (SKILL.md)

docker-compose-linter

A pure Python 3 (stdlib only) linter for docker-compose.yml files.

Commands

python3 scripts/docker-compose-linter.py \x3Ccommand> [options] FILE

Command	Description
`lint`	Lint a docker-compose.yml for issues
`services`	List all services with their images/builds
`ports`	List all port mappings, detect conflicts
`audit`	Full audit (lint + services + ports summary)

Options

Option	Description
`--format text\|json\|markdown`	Output format (default: text)
`--strict`	Exit 1 on any issue (not just errors)
`--ignore RULE`	Ignore a specific rule (repeatable)
`--min-severity error\|warning\|info`	Minimum severity to report (default: info)

Lint Rules

Rule	Severity	Description
`no-version`	info	Missing or outdated `version:` key
`no-healthcheck`	warning	Service without healthcheck defined
`no-restart-policy`	warning	Service without restart policy
`privileged-mode`	error	Service running in privileged mode
`port-conflict`	error	Multiple services mapping to same host port
`host-network`	warning	Using network_mode: host (security risk)
`latest-tag`	warning	Image using :latest tag or no tag
`no-resource-limits`	info	No memory/CPU limits (deploy.resources)
`hardcoded-env`	warning	Secrets/passwords directly in environment variables
`root-user`	warning	No user: specified (runs as root by default)
`missing-depends-on`	info	Service uses links but no depends_on
`bind-mount-relative`	info	Relative bind mount paths
`no-logging`	info	No logging configuration
`duplicate-service`	error	Duplicate service names

Examples

# Lint with default text output
python3 scripts/docker-compose-linter.py lint docker-compose.yml

# Only show errors and warnings
python3 scripts/docker-compose-linter.py --min-severity warning lint docker-compose.yml

# JSON output for CI pipelines
python3 scripts/docker-compose-linter.py --format json lint docker-compose.yml

# Full audit in markdown
python3 scripts/docker-compose-linter.py --format markdown audit docker-compose.yml

# Ignore specific rules
python3 scripts/docker-compose-linter.py --ignore root-user --ignore no-logging lint docker-compose.yml

# Strict mode: exit 1 on any issue
python3 scripts/docker-compose-linter.py --strict lint docker-compose.yml

Requirements

Python 3.7+
No external dependencies (pure stdlib)

安全使用建议

This skill appears coherent for linting docker-compose.yml files: it runs a bundled Python script (pure stdlib) and does not ask for credentials. However: (1) the source/homepage is unknown — review the script yourself before running, especially on sensitive hosts; (2) the project uses a custom, indentation-based YAML parser (not a standard YAML library), which can produce false positives or mis-parse complex compose files — test on copies; (3) run it in a sandbox or CI runner with limited privileges if you plan to integrate it into automation; (4) STATUS.md shows a price, so confirm licensing or payment details out-of-band. If you want, I can scan the rest of the script (the file was truncated in the review) for any subprocess, network, or os.environ usage to raise confidence to high.

功能分析

Type: OpenClaw Skill Name: docker-compose-linter Version: 1.0.0 The docker-compose-linter skill is a legitimate utility for auditing Docker Compose files for security risks and best practices. The Python script (scripts/docker-compose-linter.py) uses only the standard library, implements a custom YAML-like parser to avoid external dependencies, and performs local analysis without any network activity, file exfiltration, or code execution capabilities.

能力评估

✓ Purpose & Capability

Name/description (lint docker-compose.yml) match the included Python script and SKILL.md commands. The lint rules and features described align with the code patterns seen (image/tag checks, port conflicts, healthchecks, privileged, hardcoded secrets detection). No unrelated capabilities (cloud access, secret stores, or system administration beyond reading the compose file) are requested.

✓ Instruction Scope

SKILL.md instructs the agent/user to run the local Python script against a FILE argument. The visible code parses the provided compose text and reports issues; there are no instructions to read arbitrary system files, call external endpoints, or exfiltrate data. The parser and rules operate on the input compose file only.

✓ Install Mechanism

There is no install spec; this is instruction-only with an included script. That is low-risk compared with fetching and executing remote code. The script is pure Python stdlib according to SKILL.md and STATUS.md and the visible code confirms no external package imports.

✓ Credentials

The skill declares no required environment variables or credentials and the shown code does not access environment variables or secrets. The linter contains patterns to detect hardcoded secrets inside compose files (regex-based), which is appropriate for its purpose.

✓ Persistence & Privilege

The skill is not marked always:true and does not request persistent or privileged presence. It appears to be a local tool invoked on demand and does not modify other skills or system-wide settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install docker-compose-linter
安装完成后，直接呼叫该 Skill 的名称或使用 /docker-compose-linter 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug docker-compose-linter

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题