CloverSec-CTF-Build-Dockerizer

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes templates that download the ttyd utility from its official GitHub repository (tsl0922/ttyd) during the container build process. This is a well-known service and the reference is documented for functional purposes.
  • [CREDENTIALS_UNSAFE]: Templates for certain challenge profiles (RDG and SecOps) set a default password of '123456' for a 'ctf' user. In the context of CTF challenge creation, this is a standard placeholder for challenge environments and is explicitly mentioned in the documentation.
  • [COMMAND_EXECUTION]: The skill's primary function is to generate and validate shell scripts and Dockerfiles. It incorporates safety checks, such as a validation rule specifically designed to detect and block 'fork bomb' patterns in generated scripts.
  • [PROMPT_INJECTION]: The skill uses a strict 'AI Orchestrated Mode' protocol that directs the agent to use specific scripts for technical decisions rather than relying on its internal knowledge, which serves as a guardrail against deviation from intended logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 08:48 PM