docker-hub-toolkit

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides bash scripts (build-and-push.sh, setup-multiplatform.sh, validate-dockerfile.sh) to automate Docker tasks. These scripts use standard CLI commands and robust shell practices like 'set -euo pipefail'.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes official GitHub Actions from the 'docker' and 'actions' organizations for CI/CD pipelines. It also uses well-known Docker images ('multiarch/qemu-user-static', 'tonistiigi/binfmt') from reputable sources to enable multi-platform build support.
  • [SAFE]: The skill actively promotes security by including a template for .dockerignore that explicitly excludes sensitive files (e.g., .env, .key, credentials.json) and a validation script that detects potential hardcoded secrets and warns against running containers as the root user.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 10:28 PM