
    dockerfile-hardener

    by Zicheng Liao

    A security auditor that identifies Docker vulnerabilities, scores configurations, and generates hardened replacements.

    Updated Jun 2026
    0 installs

    Free

    Included in download

    • Downloadable skill package
    • 2 permissions declared
    • Instant install

    Sample output

    ## Dockerfile Security Audit: Dockerfile

    Score: 60/100 (Grade: C)

    ### CRITICAL (1 finding)

    - [C02] Line 1: No USER directive found. Fix: Add USER after creating a dedicated user.

    ### HIGH (1 finding)

    - [H01] Line 4: `apt-get install -y python3` is unpinned. Fix: Pin version: `python3=3.11.2-1`
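    To show what the two findings in the sample report correspond to in practice, here is an added, self-contained re-implementation of those two checks (C02 missing USER, H01 unpinned apt package) plus a scorer; it is illustrative code written for this page, not the skill's own auditor. The Dockerfile is constructed, and the severity weights and grade bands are assumptions chosen so that one CRITICAL plus one HIGH reproduces the report's 60/100 (C).

    ```python
    import re

    # Constructed sample Dockerfile (not from the listing) that reproduces the two
    # findings in the sample report: no USER directive and an unpinned package.
    SAMPLE_DOCKERFILE = """\
    FROM debian:bookworm-slim
    RUN apt-get update
    COPY app /app
    RUN apt-get install -y --no-install-recommends python3 ca-certificates=20230311 && rm -rf /var/lib/apt/lists/*
    CMD ["python3", "/app/main.py"]
    """

    # Assumed severity weights and grade bands: they yield 60/100 (C) for one CRITICAL
    # plus one HIGH finding, but they are not the skill's documented scoring scheme.
    WEIGHTS = {"C": 25, "H": 15, "M": 8, "L": 3}
    GRADES = [(90, "A"), (80, "B"), (60, "C"), (40, "D"), (0, "F")]


    def audit_dockerfile(text):
        """Return (finding_id, line_no, message) tuples for two of the report's checks.

        C02: no USER directive, so the container process runs as root.
        H01: a package in an `apt-get install` line has no explicit =version pin.
        """
        lines = text.splitlines()
        findings = []
        if not any(re.match(r"\s*USER\b", ln) for ln in lines):
            findings.append(("C02", 1, "No USER directive found. Fix: add USER after creating a dedicated user."))
        for no, line in enumerate(lines, start=1):
            m = re.search(r"apt-get\s+install\b(.*)", line)
            if not m:
                continue
            # Inspect only the install command itself, not commands chained after &&.
            for tok in m.group(1).split("&&")[0].split():
                if tok.startswith("-"):
                    continue  # an option such as -y or --no-install-recommends
                if "=" not in tok:
                    findings.append(("H01", no, f"`{tok}` is unpinned. Fix: pin version, e.g. {tok}=<version>"))
        return findings


    def score(findings):
        """Map findings to a 0-100 score and a letter grade using the assumed weights."""
        total = max(0, 100 - sum(WEIGHTS[fid[0]] for fid, _, _ in findings))
        grade = next(g for floor, g in GRADES if total >= floor)
        return total, grade


    if __name__ == "__main__":
        found = audit_dockerfile(SAMPLE_DOCKERFILE)
        for fid, no, msg in found:
            print(f"[{fid}] Line {no}: {msg}")
        print("Score: %d/100 (Grade: %s)" % score(found))
    ```

    Pinning `python3` and appending a `USER` line to the constructed file clears both findings, which is the shape of the "hardened replacement" the listing describes.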

    About This Skill

    What it does

    The Dockerfile Hardener is a specialized security auditor designed to analyze container configurations for vulnerabilities, anti-patterns, and compliance issues. It performs a deep-dive scan into image selection, layer optimization, secret handling, and runtime hardening parameters.

    Why use this skill

    Vulnerable Docker images are a primary entry point for container escapes and supply chain attacks. Standard prompting often fails to catch subtle issues like SUID binaries, cache-busting anti-patterns, or unpinned dependencies. This skill uses a rigorous, multi-point scoring system to evaluate your Dockerfile against industry-standard hardening benchmarks.

    What you get

    • Security Audit Report: A detailed breakdown of CRITICAL to LOW severity findings with line numbers and specific remediation steps.
    • Hardening Score: A letter grade (A-F) based on a 100-point security assessment.
    • Refactored Dockerfile: A fully rewritten, production-ready replacement utilizing multi-stage builds, non-root users, and BuildKit optimizations.
    • CI/CD Snippets: Ready-to-use configurations for GitHub Actions and GitLab CI.

    Supported Protocols & Tools

    The skill follows OCI standards and supports standard Dockerfiles, OCI-compliant images, and integrations with linters like Hadolint. It covers ecosystems including Node.js, Python, Go, and Java via Alpine, Distroless, and Debian-slim base images.

    Use Cases

    • Identify and remediate hardcoded secrets in build layers
    • Convert bloated single-stage builds into slim, multi-stage images
    • Enforce non-root user execution and runtime hardening best practices
    • Score container security from A-F based on industry benchmarks

    Reviews

    No reviews yet - be the first to share your experience.


    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Network Access

    Allowed Hosts

    github.com

    File Scopes

    dockerfile-hardener/**
