container-security-auditor

Container Security Auditor - Auto-activating skill for Security Advanced. Triggers on: container security auditor, container security auditor Part of the Security Advanced skill category.

1.00x

Quality

Does it follow best practices?

Impact

99%

1.00x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/container-security-auditor/SKILL.md

Evaluation results

100%

Dockerfile Security Hardening

Dockerfile security audit with standards validation

Criteria

Without context

With context

Step-by-step report structure

100%

Standards reference: base image

100%

Standards reference: general findings

100%

Hardened base image

100%

No hardcoded secrets

100%

Non-root user

100%

Unnecessary packages removed

100%

Excessive permissions removed

100%

Minimized exposed ports

100%

DEBUG disabled

100%

Production-ready Dockerfile

100%

Risk explanation per finding

100%

Without context: $0.4207 · 2m 21s · 17 turns · 18 in / 7,496 out tokens

With context: $0.5059 · 2m 41s · 25 turns · 58 in / 8,774 out tokens

97%

-1%

Container Platform Compliance Gap Analysis

SOC2/GDPR compliance assessment for containerized services

Criteria

Without context

With context

SOC 2 criteria cited

100%

GDPR articles cited

100%

Structured by domain

75%

62%

DB port not publicly bound

100%

Redis port not publicly bound

100%

Secrets removed from environment

100%

Internal network isolation

100%

Pinned image versions

100%

Debug logging addressed

100%

Production-ready compose file

100%

Remediation per finding

100%

Read-only filesystem recommended

100%

Without context: $0.4249 · 2m 23s · 18 turns · 18 in / 8,223 out tokens

With context: $0.4724 · 2m 20s · 20 turns · 19 in / 8,469 out tokens

100%

Threat Model for Containerized Payments Microservice

Container threat modeling with STRIDE analysis

Criteria

Without context

With context

Systematic methodology used

100%

Trust boundaries identified

100%

Container-specific threats

100%

Likelihood and impact assessed

100%

Unencrypted inter-service traffic threat

100%

Kubernetes namespace isolation threat

100%

Step-by-step structure

100%

mTLS mitigation included

100%

Least-privilege container mitigations

100%

Production-ready mitigations

100%

Prioritized mitigations

100%

Image supply chain threat

100%

Without context: $0.4202 · 3m 15s · 12 turns · 61 in / 10,094 out tokens

With context: $0.6955 · 3m 57s · 25 turns · 26 in / 12,643 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 994edc4

Evaluated: 18 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Dockerfile Security Hardening Container Platform Compliance Gap Analysis Threat Model for Containerized Payments Microservice

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.