Scans containers and Dockerfiles for security issues. Wraps Hadolint for Dockerfile linting and Trivy for container image scanning. Use when user asks to "scan Dockerfile", "lint Dockerfile", "container security", "image scan", "Dockerセキュリティ", "コンテナスキャン".
/plugin marketplace add naporin0624/claude-web-audit-plugins/plugin install web-audit-tools@web-audit-marketplaceThis skill inherits all available tools. When active, it can use any tool Claude has access to.
dist/index.jspackage.jsonsrc/index.tssrc/types.tstsconfig.jsonWrapper for Hadolint and Trivy to scan Dockerfiles and container images.
# Hadolint (Dockerfile linting)
brew install hadolint
# or
docker pull hadolint/hadolint
# Trivy (container image scanning)
brew install trivy
# or
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# Lint Dockerfile
npx container-scanner lint Dockerfile
# Scan container image
npx container-scanner image nginx:latest
# Both operations with JSON output
npx container-scanner lint Dockerfile --json
npx container-scanner image myapp:v1 --json
# Check available tools
npx container-scanner --check
Common Dockerfile best practices checked:
| Rule | Description |
|---|---|
| DL3000 | Use absolute WORKDIR |
| DL3001 | For some POSIX utilities, you can skip using apt-get |
| DL3002 | Last USER should not be root |
| DL3003 | Use WORKDIR to switch directories |
| DL3006 | Always tag the version of an image explicitly |
| DL3007 | Using latest is prone to errors |
| DL3008 | Pin versions in apt get install |
| DL3009 | Delete apt-get lists after installing |
| DL3018 | Pin versions in apk add |
| DL4006 | Set SHELL option -o pipefail |
{
"tool": "hadolint",
"scanPath": "Dockerfile",
"findings": [
{
"id": "DL3007",
"severity": "warning",
"line": 1,
"message": "Using latest is prone to errors...",
"file": "Dockerfile"
}
],
"summary": { "total": 1, "error": 0, "warning": 1, "info": 0 }
}
{
"tool": "trivy",
"image": "nginx:latest",
"findings": [
{
"id": "CVE-2024-1234",
"severity": "critical",
"package": "openssl",
"installedVersion": "1.1.1",
"fixedVersion": "1.1.2",
"title": "Buffer Overflow"
}
],
"summary": { "total": 5, "critical": 1, "high": 2, "medium": 2 }
}
0: No issues found1: Issues detected2: Tool not installed or errorThis skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.