docker-eng

Deep Docker workflow—image design, multi-stage builds, security, runtime config, health checks, and operations. Use when containerizing apps, hardening images, or debugging container behavior in CI and production.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "docker-eng" with this command: npx skills add mikeclaw007/docker-eng

Docker Eng — Deep Workflow

Containers package applications with their dependencies. Optimize for small, reproducible images and clear runtime contracts—not “SSH into a mini VM.”

When to Offer This Workflow

Trigger conditions:

  • Authoring Dockerfiles for apps or CI
  • CVEs in base images; accidental secrets in layers
  • Slow builds or oversized images pushing registry costs

Initial offer:

Use six stages: (1) base image & supply chain, (2) Dockerfile structure, (3) runtime config & secrets, (4) security hardening, (5) health & observability, (6) ops & debugging. Confirm the registry and orchestrator (Kubernetes, ECS, etc.).


Stage 1: Base Image & Supply Chain

Goal: Pin tags or digests; prefer minimal bases (distroless, slim) when compatible.

Practices

  • Scan images regularly (Trivy, Grype); track SBOM where required

Stage 2: Dockerfile Structure

Goal: Multi-stage builds: compile in builder, copy only artifacts to runtime; order layers for cache hits (dependency manifests before source).

Practices

  • Maintain a robust .dockerignore (exclude secrets, build artifacts, VCS noise)

Stage 3: Runtime Config & Secrets

Goal: Configuration via environment variables; secrets injected at runtime (K8s secrets, IAM, vault)—never COPY real secrets into the image.


Stage 4: Security Hardening

Goal: Run as non-root; read-only filesystem where possible; minimal packages in final image; avoid leaking build tools in production.


Stage 5: Health & Observability

Goal: HEALTHCHECK or orchestrator probes match real readiness (dependencies up); logs to stdout/stderr in structured form.


Stage 6: Ops & Debugging

Goal: Tag images with git SHA; document how to exec/debug (or use debug sidecars for distroless).


Final Review Checklist

  • Base image pinned and scanned
  • Multi-stage build; minimal runtime layer
  • No secrets in layers
  • Non-root and least privilege
  • Health/readiness aligned with app
  • .dockerignore and reproducible builds
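
One way to turn the checklist above into an automated pre-merge check, as an added example that is not part of the original SKILL.md: a small heuristic auditor run over two constructed Dockerfiles, one weak and one hardened. The function name `audit`, the finding strings, the sample file names (`server.js`, `healthcheck.js`) and the secret-name patterns are assumptions made for illustration.

```python
import re
# Constructed sample Dockerfiles (not from the page); healthcheck.js is hypothetical.
WEAK = """FROM node:latest
COPY . /app
COPY .env /app/.env
ENV API_TOKEN=abc123
CMD ["node", "/app/server.js"]"""
HARDENED = """FROM node:20-bookworm-slim AS builder
COPY package.json package-lock.json /app/
RUN cd /app && npm ci
COPY . /app
FROM node:20-bookworm-slim
COPY --from=builder /app /app
USER node
HEALTHCHECK CMD ["node", "/app/healthcheck.js"]
CMD ["node", "/app/server.js"]"""
SECRET_FILE = re.compile(r"(^|[\s/])(\.env|id_rsa|[\w.-]+\.(pem|key))(\s|$)")
SECRET_VAR = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY)\w*=\S", re.I)

def audit(dockerfile):
    """Return checklist findings for Dockerfile text (ignores line continuations)."""
    findings, aliases, stages = [], set(), []
    for op, _, rest in (l.strip().partition(" ") for l in dockerfile.splitlines()):
        op, rest = op.upper(), rest.strip()
        if op == "FROM":
            parts = rest.split()
            image = next(p for p in parts if not p.startswith("--"))  # skip --platform
            tag = image.rsplit("/", 1)[-1]  # drop registry host:port before tag check
            pinned = "@sha256:" in image or (":" in tag and not tag.endswith(":latest"))
            if image not in aliases and image != "scratch" and not pinned:
                findings.append(f"unpinned base: {image}")
            if len(parts) >= 3 and parts[-2].upper() == "AS":
                aliases.add(parts[-1])  # later "FROM <alias>" is a stage, not an image
            stages.append({"user": None, "health": False})
        elif op == "USER" and stages:
            stages[-1]["user"] = rest.split(":")[0]
        elif op == "HEALTHCHECK" and stages:
            stages[-1]["health"] = rest.upper() != "NONE"
        elif op in ("COPY", "ADD") and SECRET_FILE.search(rest):
            findings.append(f"secret-like file copied: {rest}")
        elif op in ("ENV", "ARG") and SECRET_VAR.search(rest):
            findings.append(f"secret-like variable set: {rest.split('=')[0]}")
    if len(stages) < 2:
        findings.append("single-stage build")
    if not stages or stages[-1]["user"] in (None, "root", "0"):
        findings.append("final stage runs as root")
    if not stages or not stages[-1]["health"]:
        findings.append("no HEALTHCHECK in final stage")
    return findings
```

A missing HEALTHCHECK finding is only a prompt to confirm that orchestrator probes cover readiness instead, and a clean result does not replace an image scan, since the checks look at Dockerfile text and not at built layers.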

Tips for Effective Guidance

  • Explain layer caching order—why COPY package.json before COPY . matters.
  • Distroless images: no shell—use ephemeral debug containers or sidecars.

Handling Deviations

  • Windows containers: different paths and base images—validate separately.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
