docker-registry

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis

================================================================================

🔴 VERDICT: HIGH

The skill is rated HIGH because the scripts/registry-setup.sh file contains commands that perform system-level package installation (apt-get install). This action requires elevated privileges (e.g., root or sudo), which constitutes a privilege escalation risk. Although the script itself does not invoke sudo, it implicitly expects to be run with such privileges in order to succeed, and when it is, it modifies the system. The other findings are of lower severity and are noted for awareness.

Total Findings: 5

🔴 HIGH Findings:

• Privilege Escalation (System Package Installation)

  • scripts/registry-setup.sh:29: apt-get update && apt-get install -y apache2-utils
  • This command attempts to install system packages, requiring root privileges. Running this script with sudo would grant it the ability to modify the system, which is a significant security concern.

🔵 LOW Findings:

• Credential Handling (Sensitive Token Usage)
  • SKILL.md:69: echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin
  • The skill demonstrates passing sensitive tokens (such as GITHUB_TOKEN and AWS ECR passwords) to docker login via stdin. While this is a common practice and generally safer than passing them directly as command-line arguments, it still involves handling sensitive credentials within the execution environment.

• External Dependency (CLI Tools)
  • SKILL.md:144: skopeo copy
  • The skill references skopeo for multi-registry sync without providing installation instructions. This is an external tool that the skill relies on, making it an unverifiable dependency in the context of the skill's direct distribution.

• Permissive Security Configuration (CORS)
  • assets/docker-compose-registry.yaml:15: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '["*"]'
  • The Docker Compose file configures the registry to allow Cross-Origin Resource Sharing (CORS) from any origin. While potentially acceptable for local development, this is a permissive setting that could expose the registry to cross-site attacks if not properly secured in a production environment.

• Documentation Best Practice (Plaintext Password Example)
  • references/REGISTRY-GUIDE.md:30: htpasswd -Bbn admin password123
  • The documentation provides an example command that includes a literal plaintext password (password123). Although it is only an example, this is poor security practice, since users might copy-paste it or be encouraged to use weak passwords.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 02:12 AM