docker-compose-orchestration
skills-sh:manutej_luxor-claude-marketplace__docker-compose-orchestration
View sourceFirst Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
22
Score
45/100
Findings (22)
Code block labeled "markdown" contains executable content
services:
redis:
image: redis:alpine
healthcheck:
test: |
sh -c '
redis-cli ping | grep PONG &&
redis-cli --raw incr ping | grep 1
'
interval: 10s...Align the tool description with what the code actually does. If the description says one thing but the code does another, update the description to be accurate or fix the code.
Likely FP if the NLP analyzer misinterpreted technical jargon or the description accurately describes behavior through domain-specific terminology.
Detects attempts to access the Docker daemon socket
/var/run/docker.sockBlock access to cloud provider IAM and credential endpoints from agent tools. Implement egress filtering to prevent requests to cloud control plane APIs.
Likely FP if the match is documentation about cloud IAM setup rather than code that programmatically accesses IAM endpoints.
Detects attempts to access the Docker daemon socket
/var/run/docker.sockBlock access to cloud provider IAM and credential endpoints from agent tools. Implement egress filtering to prevent requests to cloud control plane APIs.
Likely FP if the match is documentation about cloud IAM setup rather than code that programmatically accesses IAM endpoints.
Detects attempts to access the Docker daemon socket
/var/run/docker.sockBlock access to cloud provider IAM and credential endpoints from agent tools. Implement egress filtering to prevent requests to cloud control plane APIs.
Likely FP if the match is documentation about cloud IAM setup rather than code that programmatically accesses IAM endpoints.
Detects attempts to access the Docker daemon socket
/var/run/docker.sockBlock access to cloud provider IAM and credential endpoints from agent tools. Implement egress filtering to prevent requests to cloud control plane APIs.
Likely FP if the match is documentation about cloud IAM setup rather than code that programmatically accesses IAM endpoints.
Detects attempts to access the Docker daemon socket
/var/run/docker.sockBlock access to cloud provider IAM and credential endpoints from agent tools. Implement egress filtering to prevent requests to cloud control plane APIs.
Likely FP if the match is documentation about cloud IAM setup rather than code that programmatically accesses IAM endpoints.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- NODE_ENV=development
- DATABASE_URL=postgresql://postgres:password@db:5432/myapp
- REDIS_URL=redis://cache:6379
- JWT_SECRET=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- SERVICE_NAME=auth
- DATABASE_URL=postgresql://db:5432/auth_db
- JWT_SECRET=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- POSTGRES_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- PGADMIN_DEFAULT_EMAIL=admin@dev.local
- PGADMIN_DEFAULT_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects URLs fetched at runtime that control or influence agent behavior without pinning
get --no-verbose --tries=1 --spider http:// + SettingAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- POSTGRES_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- POSTGRES_PASSWORD_FILE=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- POSTGRES_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- MONGODB_URI=mongodb://mongo:27017/myapp
- JWT_SECRET=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- MONGO_INITDB_ROOT_USERNAME=admin
- MONGO_INITDB_ROOT_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- SPRING_DATASOURCE_URL=jdbc:mysql://db:3306/springdb?useSSL=false
- SPRING_DATASOURCE_USERNAME=root
- SPRING_DATASOURCE_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- JENKINS_URL=http://jenkins:8080
- JENKINS_AGENT_NAME=agent1
- JENKINS_SECRET=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects Docker or docker-compose commands passing credentials via environment variables
environment:
- GF_SECURITY_ADMIN_USER=admin
- GF_SECURITY_ADMIN_PASSWORD=Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.
Detects execution of shell script files via bash/sh command or direct invocation
./scripts/backup.sh:/backup.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.