Scan container images and analyze Dockerfiles for security issues. Use when the user says "scan my Docker image", "Dockerfile security", "container scan", "endor container", "docker compose security", or is creating/modifying Dockerfiles and docker-compose files. Checks for root user, latest tags, exposed ports, secrets in build args, and missing health checks. Do NOT use for application code scanning (/endor-sast).
Score summary: 92; 89% (Does it follow best practices?); Impact: Pending (No eval scenarios have been run); Passed: No known issues.
Quality
Discovery: 100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides specific capabilities, comprehensive trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clearly distinguishes itself from related skills. The inclusion of both positive triggers and a negative boundary (/endor-sast) is a best practice for avoiding skill conflicts.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: scan container images, analyze Dockerfiles, checks for root user, latest tags, exposed ports, secrets in build args, and missing health checks. Also explicitly excludes application code scanning. | 3 / 3 |
| Completeness | Clearly answers both 'what' (scan container images, analyze Dockerfiles for specific security issues) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes a 'Do NOT use' exclusion clause which adds further clarity. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'scan my Docker image', 'Dockerfile security', 'container scan', 'endor container', 'docker compose security', plus mentions Dockerfiles and docker-compose files. These are terms users would naturally use. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive with a clear niche (container/Docker security scanning). The explicit exclusion of application code scanning (/endor-sast) directly addresses potential conflict with a related skill, making disambiguation very clear. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation: 79%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, actionable skill that efficiently communicates container security scanning patterns using tables and concrete examples. Its main weakness is the lack of explicit validation/feedback loops after applying fixes (e.g., re-scan to confirm issues resolved), and the content is somewhat long for a single SKILL.md without splitting detailed reference tables into separate files.
Suggestions
Add a validation step after presenting the secured Dockerfile/Compose — e.g., 'Re-analyze the updated file to confirm all issues are resolved before proceeding.'
Consider moving the detailed issue tables to a separate reference file (e.g., container-issues.md) and keeping only a summary in SKILL.md for better progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and well-structured using tables for pattern/fix pairs. No unnecessary explanations of what Docker or containers are. Every section delivers actionable information without padding. | 3 / 3 |
| Actionability | Provides concrete patterns to detect, specific fixes for each issue, complete executable Dockerfile and docker-compose examples, and a real CLI command for image scanning. The tables map issues to patterns to fixes clearly. | 3 / 3 |
| Workflow Clarity | Steps are clearly sequenced for Dockerfile analysis, Compose analysis, and image scanning. However, there are no explicit validation checkpoints or feedback loops: after presenting a secured Dockerfile, there's no step to verify the fixes were applied correctly or re-scan to confirm issues are resolved. | 2 / 3 |
| Progressive Disclosure | References to related skills (/endor-scan, /endor-cicd, /endor-policy) and one file reference (references/data-sources.md) are present. However, the content is fairly long and inline: the detailed issue tables and full examples could potentially be split into reference files for better organization. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation: 100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.