Docker Compose Linter
by Timoranjes
Enforce security, reliability, and deployment best practices for Docker Compose files.
- Detect and remediate hardcoded secrets in environment variables
- Implement CPU and memory limits to prevent container resource exhaustion
- Secure internal databases by removing unnecessary host port mappings
Free
Included in download
- Downloadable skill package
- Works with Claude Code, Cursor
- 2 permissions declared
Sample input
Analyze my docker-compose.yml file for security issues and best practices. Look for hardcoded secrets, image tags, and missing healthchecks.
Sample output
🔴 CRITICAL - Hardcoded secret: DB_PASSWORD on line 12. Move to env_file or Docker secrets. 🟡 WARNING - Image 'redis:latest' is unpinned. Recommend: redis:7.2-alpine. 🟡 WARNING - Missing healthcheck for service 'api'. Add a healthcheck to ensure service readiness. ✅ PASS - Resource limits defined.
Docker Compose Linter
by Timoranjes
Enforce security, reliability, and deployment best practices for Docker Compose files.
Free
Included in download
- Downloadable skill package
- Works with Claude Code, Cursor
- 2 permissions declared
- Instant install
Sample input
Analyze my docker-compose.yml file for security issues and best practices. Look for hardcoded secrets, image tags, and missing healthchecks.
Sample output
🔴 CRITICAL - Hardcoded secret: DB_PASSWORD on line 12. Move to env_file or Docker secrets. 🟡 WARNING - Image 'redis:latest' is unpinned. Recommend: redis:7.2-alpine. 🟡 WARNING - Missing healthcheck for service 'api'. Add a healthcheck to ensure service readiness. ✅ PASS - Resource limits defined.
About This Skill
What it does
This skill provides a comprehensive security and reliability audit for Docker Compose configurations. It scans docker-compose.yml and compose.yaml files to detect misconfigurations that lead to security vulnerabilities, performance bottlenecks, and deployment failures.
Why use this skill
Manual review of infrastructure-as-code is error-prone. This skill automates a 14-point quality gate that is more rigorous than standard YAML validation. While basic AI prompts might catch syntax errors, this skill enforces industry best practices like non-root execution, resource capping, image pinning, and network isolation that are often overlooked by developers focused on "just making it work."
What it covers
- Security Audit: Detects hardcoded secrets, privileged mode, dangerous capabilities, and exposed database ports.
- Reliability: Validates healthchecks, restart policies, and ensures resource limits are defined to prevent host exhaustion.
- Architecture: Recommends internal networking for backend services and image pinning to specific tags (no
:latest). - Modern Standards: Flags deprecated
versionfields and recommendsservice_healthyconditions for dependencies.
Output Format
The skill generates a categorized report with 🔴 CRITICAL, 🟡 WARNING, and ✅ PASS indicators, providing line-specific locations and clear remediation steps for every finding.
Use Cases
- Detect and remediate hardcoded secrets in environment variables
- Implement CPU and memory limits to prevent container resource exhaustion
- Secure internal databases by removing unnecessary host port mappings
- Modernize compose files by removing deprecated fields and pinning image tags
Known Limitations
- Cannot verify image version availability on registries.
- Does not scan the contents of referenced Dockerfiles or .env files.
- Static analysis only; cannot verify runtime network connectivity.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/docker-compose-linter -o /tmp/docker-compose-linter.zip && unzip -o /tmp/docker-compose-linter.zip -d ~/.claude/skills && rm /tmp/docker-compose-linter.zipFree skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
File Scopes
Claude Code, Cursor, Windsurf, and other SKILL.md-compatible agents.
Creator
Frequently Asked Questions
Learn More About AI Agent Skills
More Premium Skills
Multi-Agent Orchestration Master Library
Transform Claude Code into a coordinated multi-agent system. Battle-tested tmux orchestration patterns, YAML task queues, event-driven communication, and parallel worker management for 8+ agents.
Legacy Code Modernization Planner for AI Coding Agents
Creates safe modernization roadmaps for old, messy, undocumented, or fragile codebases, including risk audits, refactor phases, dependency reviews, testing plans, migration steps, and AI coding prompts.
designing-hybrid-context-layers
Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.
ai-automation-qa-pack
Professional QA & UAT documentation generator for AI automation agencies and complex agent deployments.