docker-pro-diagnostic

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The log_processor.py script executes a shell command built with an f-string from unvalidated user input.
      • Evidence: The line cmd = f"docker logs --tail {max_lines} {container_name}" followed by subprocess.run(cmd, shell=True) in log_processor.py lets an attacker append further commands through shell metacharacters (e.g., a semicolon, ampersand, pipe or backtick) embedded in the container name or line count.
      • Impact: An attacker can perform arbitrary actions on the host system with the privileges of the user running the agent.
  • [REMOTE_CODE_EXECUTION] (HIGH): The command injection vulnerability directly yields remote code execution on the host environment.
  • [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted log data.
      • Ingestion points: log_processor.py reads raw output from docker logs (File: log_processor.py).
      • Boundary markers: Absent. The script joins raw log lines with a simple --- CONTEXT --- string.
      • Capability inventory: The SKILL.md instructions direct the agent to "Feed the output... into your reasoning engine" to determine root causes and suggest fixes.
      • Sanitization: None. The script does not sanitize or escape the content of the logs before returning them to the agent.
      • Impact: Malicious content within the logs could manipulate the agent's summary or trick it into suggesting malicious "fixes" to the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:42 AM