docker

Optimizes Dockerfiles and Docker Compose for Python and Node.js applications, enhancing container performance and reliability.

Install this skill

55/100

Security score

The docker skill was audited on May 21, 2026 and we found 11 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 251

Template literal with variable interpolation in command context

SourceSKILL.md

251

```yaml

high line 379

Template literal with variable interpolation in command context

SourceSKILL.md

379	- Secrets in `environment:` as plaintext — environment variables are visible in `docker inspect`, CI logs, and image layers if baked in; use Docker secrets, a secrets manager, or pass via host env

medium line 158

Access to root home directory

SourceSKILL.md

158	RUN --mount=type=cache,target=/root/.cache/uv \

low line 124

Access to .env file

SourceSKILL.md

124

**/.env

low line 125

Access to .env file

SourceSKILL.md

125

**/.env.*

low line 262

Access to .env file

SourceSKILL.md

262	# Option 3: .env file (dev only — don't commit secrets)

low line 264

Access to .env file

SourceSKILL.md

264

- .env

medium line 380

Access to .env file

SourceSKILL.md

380	- No `.dockerignore` — without it, `COPY . .` sends the entire repo (`.git`, `node_modules`, `__pycache__`, `.env`) into the build context, bloating image size and potentially leaking secrets

medium line 387

Access to .env file

SourceSKILL.md