Skills
skills/zjy365/sealos-skills/docker-to-sealos/Gen Agent Trust Hub

docker-to-sealos

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess module in scripts/compose_to_template.py and scripts/quality_gate.py to invoke system binaries such as crane and kompose. These executions are essential for resolving image versions and performing workload conversions. The scripts use list-based argument passing to mitigate command injection risks.
  • [EXTERNAL_DOWNLOADS]: The conversion logic in scripts/compose_to_template.py includes a feature to search for and download application logos from the external service api.svgl.app. This network activity is limited to retrieving static image assets (SVG/PNG) for the generated templates.
  • [SAFE]: The skill implements multiple security safeguards, including enforcing fixed image tags instead of floating ones, disabling automatic service account token mounting by default, and using safe YAML loading throughout its processing scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 09:41 AM
Security Audit — agent-trust-hub — docker-to-sealos