act-docker-setup
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill/documentation is functionally benign and aligned with its purpose (configuring act and Docker), but it includes multiple high-risk operational recommendations (mounting Docker socket, privileged mode, broad Linux capabilities, running as root, disabling seccomp) that make it dangerous when applied to untrusted or third-party workflows. There is no direct malware or obfuscated code, but the patterns described permit host compromise and credential/data exposure if misused. Treat these instructions as sensitive operational guidance and apply strong warnings, least-privilege defaults, and isolation when following them.

LLM verification: This skill/documentation is functionally legitimate for configuring act with Docker and contains expected, explicit instructions for images, mounts, and resource limits. However, it also recommends several high-risk operations (mounting the Docker socket, adding capabilities, running privileged containers, executing remote install scripts, and destructive cleanup commands) that can enable full host compromise if used incorrectly or with untrusted workflows. There is no direct evidence of malicio