Docker Reviewer

🌐Community
by physics91 · vlatest · Repository

Analyzes Dockerfiles for security vulnerabilities, best practices, and efficiency improvements, powered by physics91's expertise.

Install on your platform

1. Run in terminal (recommended)

claude mcp add docker-reviewer npx -- -y @trustedskills/docker-reviewer

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "docker-reviewer": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/docker-reviewer"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The docker-reviewer skill analyzes Dockerfiles to identify potential security vulnerabilities, inefficiencies, and best practice violations. It provides feedback on areas like image size optimization, base image selection, and the use of sensitive information in the Dockerfile. This helps ensure container images are secure, efficient, and maintainable.

When to use it

  • Before deploying a new application: Review your Dockerfiles proactively to catch issues early in the development lifecycle.
  • During code reviews: Integrate docker-reviewer into your team's workflow for consistent Dockerfile quality.
  • When optimizing existing container images: Identify areas where you can reduce image size and improve performance.
  • To ensure compliance with security standards: Verify that your Dockerfiles adhere to organizational or industry best practices.

Key capabilities

  • Dockerfile analysis
  • Security vulnerability detection
  • Image size optimization suggestions
  • Best practice violation identification

Example prompts

  • "Review this Dockerfile for potential vulnerabilities: [Dockerfile content]"
  • "Can you analyze this Dockerfile and suggest ways to reduce the image size? [Dockerfile content]"
  • "Check this Dockerfile against common security best practices. [Dockerfile content]"

Tips & gotchas

The skill requires a valid Dockerfile as input; it cannot function without one. The quality of feedback depends on the complexity and structure of the provided Dockerfile.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: physics91
  • Installs: 2

Passed automated security scans.