Review Dockerfiles for risky patterns and bad defaults with hadolint

Catch insecure Dockerfile patterns, brittle package-install habits, and shell pitfalls before image builds ship.

Security & Verification Multi-Framework Security Reviewed
⭐ 12.1k GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill review-dockerfiles-for-risky-patterns-and-bad-defaults-with-hadolint
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required: hadolint binary and Dockerfiles
Install & setup: Install hadolint from the project releases, package manager, or container image, then run `hadolint Dockerfile` during review or CI.
Author: hadolint
Publisher: Organization
Last updated: Apr 15, 2026
Quick brief

Use hadolint when an agent is reviewing Dockerfiles before build or release. It can flag risky base-image choices, bad package installation patterns, missing cleanup, and shell mistakes that make container images less secure or less reproducible. The boundary is Dockerfile review before image creation, not a generic container platform or registry listing.