    dockerfile-hardener

    by Timoranjes

    A security auditor that identifies Docker vulnerabilities, scores configurations, and generates hardened replacements.

    Updated Jun 2026
    0 installs

    Free

    Included in download

    • Downloadable skill package
    • Works with Claude Code, Cursor
    • 2 permissions declared
    • Instant install

    Sample input

    Audit this Dockerfile for security: FROM node:latest\nCOPY . /app\nRUN npm install\nCMD ["node", "index.js"]

    Sample output

    Score: 35/100 (Grade: F)

    Findings:

    • [CRITICAL] Running as Root: No USER defined.
    • [CRITICAL] Privileged Base Image: Using 'latest' tag.
    • [MEDIUM] No Multi-Stage Build: Build tools in runtime.

    Remediation: Use node:20-alpine and add 'USER node'.

    About This Skill

    What it does

    The Dockerfile Hardener is a specialized security auditor designed to analyze container configurations for vulnerabilities, anti-patterns, and compliance issues. It performs a deep-dive scan into image selection, layer optimization, secret handling, and runtime hardening parameters.

    Why use this skill

    Vulnerable Docker images are a primary entry point for container escapes and supply chain attacks. Standard prompting often fails to catch subtle issues like SUID binaries, cache-busting anti-patterns, or unpinned dependencies. This skill uses a rigorous, multi-point scoring system to evaluate your Dockerfile against industry-standard hardening benchmarks.

    What you get

    • Security Audit Report: A detailed breakdown of CRITICAL to LOW severity findings with line numbers and specific remediation steps.
    • Hardening Score: A letter grade (A-F) based on a 100-point security assessment.
    • Refactored Dockerfile: A fully rewritten, production-ready replacement utilizing multi-stage builds, non-root users, and BuildKit optimizations.
    • CI/CD Snippets: Ready-to-use configurations for GitHub Actions and GitLab CI.

    Supported Protocols & Tools

    The skill follows OCI standards and supports standard Dockerfiles, OCI-compliant images, and integrations with linters like Hadolint. It covers ecosystems including Node.js, Python, Go, and Java via Alpine, Distroless, and Debian-slim base images.

    Use Cases

    • Identify and remediate hardcoded secrets in build layers
    • Convert bloated single-stage builds into slim, multi-stage images
    • Enforce non-root user execution and runtime hardening best practices
    • Score container security from A-F based on industry benchmarks

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Network Access

    Allowed Hosts

    github.com

    File Scopes

    dockerfile-hardener/**

    Compatible with Claude Code, Cursor, Aider, and Cline.
