{ "schemaVersion": "1.0", "item": { "slug": "docker", "name": "Docker (Essentials + Advanced)", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/ivangdavila/docker", "canonicalUrl": "https://clawhub.ai/ivangdavila/docker", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/docker", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=docker", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "commands.md", "compose.md", "images.md", "infrastructure.md", "security.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "docker", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-02T15:40:29.662Z", "expiresAt": "2026-05-09T15:40:29.662Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=docker", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=docker", "contentDisposition": "attachment; filename=\"docker-1.0.4.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "docker" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/docker" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/docker", "agentPageUrl": "https://openagent3.xyz/skills/docker/agent", "manifestUrl": "https://openagent3.xyz/skills/docker/agent.json", "briefUrl": "https://openagent3.xyz/skills/docker/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "When to Use", "body": "Use when the task involves Docker, Dockerfiles, container builds, Compose, image publishing, networking, volumes, logs, debugging, or production container operations. This skill is stateless and should be applied directly whenever Docker work appears." }, { "title": "Quick Reference", "body": "TopicFileEssential commandscommands.mdDockerfile patternsimages.mdCompose orchestrationcompose.mdNetworking & volumesinfrastructure.mdSecurity hardeningsecurity.md" }, { "title": "1. Pin Image Versions", "body": "python:3.11.5-slim not python:latest\nToday's latest differs from tomorrow's — breaks immutable builds" }, { "title": "2. Combine RUN Commands", "body": "apt-get update && apt-get install -y pkg in ONE layer\nSeparate layers = stale package cache weeks later" }, { "title": "3. Non-Root by Default", "body": "Add USER nonroot in Dockerfile\nRunning as root fails security scans and platform policies" }, { "title": "4. Set Resource Limits", "body": "-m 512m on every container\nOOM killer strikes without warning otherwise" }, { "title": "5. Configure Log Rotation", "body": "Default json-file driver has no size limit\nOne chatty container fills disk and crashes host" }, { "title": "Image Traps", "body": "Multi-stage builds: forgotten --from=builder copies from wrong stage silently\nCOPY before RUN invalidates cache on every file change — copy requirements first, install, then copy code\nADD extracts archives automatically — use COPY unless you need extraction\nBuild args visible in image history — never use for secrets" }, { "title": "Runtime Traps", "body": "localhost inside container is container's localhost — bind to 0.0.0.0\nPort already in use: previous container still stopping — wait or force remove\nExit code 137 = OOM killed, 139 = segfault — check with docker inspect --format='{{.State.ExitCode}}'\nNo shell in distroless images — docker cp files out or use debug sidecar" }, { "title": "Networking Traps", "body": "Container DNS only works on custom networks — default bridge can't resolve names\nPublished ports bind to 0.0.0.0 — use 127.0.0.1:5432:5432 for local-only\nZombie connections from killed containers — set health checks and restart policies" }, { "title": "Compose Traps", "body": "depends_on waits for container start, not service ready — use condition: service_healthy\n.env file in wrong directory silently ignored — must be next to docker-compose.yml\nVolume mounts overwrite container files — empty host dir = empty container dir\nYAML anchors don't work across files — use multiple compose files instead" }, { "title": "Volume Traps", "body": "Anonymous volumes accumulate silently — use named volumes\nBind mounts have permission issues — container user must match host user\ndocker system prune doesn't remove named volumes — add --volumes flag\nStopped container data persists until container removed" }, { "title": "Resource Leaks", "body": "Dangling images grow unbounded — docker image prune regularly\nBuild cache grows forever — docker builder prune reclaims space\nStopped containers consume disk — docker container prune or --rm on run\nNetworks pile up from compose projects — docker network prune" }, { "title": "Secrets and Security", "body": "ENV and COPY bake secrets into layer history permanently — use secrets mount or runtime env\n--privileged disables all security — almost never needed, find specific capability instead\nImages from unknown registries may be malicious — verify sources\nBuild args visible in image history — don't use for secrets" }, { "title": "Debugging", "body": "Exit code 137 = OOM killed, 139 = segfault — check docker inspect --format='{{.State.ExitCode}}'\nContainer won't start: check logs even for failed containers — docker logs \nNo shell in distroless images — docker cp files out or use debug sidecar\nInspect filesystem of dead container — docker cp deadcontainer:/path ./local" }, { "title": "Related Skills", "body": "Install with clawhub install if user confirms:\n\ndevops — deployment pipelines\nlinux — host system management\nserver — server administration" }, { "title": "Feedback", "body": "If useful: clawhub star docker\nStay updated: clawhub sync" } ], "body": "When to Use\n\nUse when the task involves Docker, Dockerfiles, container builds, Compose, image publishing, networking, volumes, logs, debugging, or production container operations. This skill is stateless and should be applied directly whenever Docker work appears.\n\nQuick Reference\nTopic\tFile\nEssential commands\tcommands.md\nDockerfile patterns\timages.md\nCompose orchestration\tcompose.md\nNetworking & volumes\tinfrastructure.md\nSecurity hardening\tsecurity.md\nCore Rules\n1. Pin Image Versions\npython:3.11.5-slim not python:latest\nToday's latest differs from tomorrow's — breaks immutable builds\n2. Combine RUN Commands\napt-get update && apt-get install -y pkg in ONE layer\nSeparate layers = stale package cache weeks later\n3. Non-Root by Default\nAdd USER nonroot in Dockerfile\nRunning as root fails security scans and platform policies\n4. Set Resource Limits\n-m 512m on every container\nOOM killer strikes without warning otherwise\n5. Configure Log Rotation\nDefault json-file driver has no size limit\nOne chatty container fills disk and crashes host\nImage Traps\nMulti-stage builds: forgotten --from=builder copies from wrong stage silently\nCOPY before RUN invalidates cache on every file change — copy requirements first, install, then copy code\nADD extracts archives automatically — use COPY unless you need extraction\nBuild args visible in image history — never use for secrets\nRuntime Traps\nlocalhost inside container is container's localhost — bind to 0.0.0.0\nPort already in use: previous container still stopping — wait or force remove\nExit code 137 = OOM killed, 139 = segfault — check with docker inspect --format='{{.State.ExitCode}}'\nNo shell in distroless images — docker cp files out or use debug sidecar\nNetworking Traps\nContainer DNS only works on custom networks — default bridge can't resolve names\nPublished ports bind to 0.0.0.0 — use 127.0.0.1:5432:5432 for local-only\nZombie connections from killed containers — set health checks and restart policies\nCompose Traps\ndepends_on waits for container start, not service ready — use condition: service_healthy\n.env file in wrong directory silently ignored — must be next to docker-compose.yml\nVolume mounts overwrite container files — empty host dir = empty container dir\nYAML anchors don't work across files — use multiple compose files instead\nVolume Traps\nAnonymous volumes accumulate silently — use named volumes\nBind mounts have permission issues — container user must match host user\ndocker system prune doesn't remove named volumes — add --volumes flag\nStopped container data persists until container removed\nResource Leaks\nDangling images grow unbounded — docker image prune regularly\nBuild cache grows forever — docker builder prune reclaims space\nStopped containers consume disk — docker container prune or --rm on run\nNetworks pile up from compose projects — docker network prune\nSecrets and Security\nENV and COPY bake secrets into layer history permanently — use secrets mount or runtime env\n--privileged disables all security — almost never needed, find specific capability instead\nImages from unknown registries may be malicious — verify sources\nBuild args visible in image history — don't use for secrets\nDebugging\nExit code 137 = OOM killed, 139 = segfault — check docker inspect --format='{{.State.ExitCode}}'\nContainer won't start: check logs even for failed containers — docker logs \nNo shell in distroless images — docker cp files out or use debug sidecar\nInspect filesystem of dead container — docker cp deadcontainer:/path ./local\nRelated Skills\n\nInstall with clawhub install if user confirms:\n\ndevops — deployment pipelines\nlinux — host system management\nserver — server administration\nFeedback\nIf useful: clawhub star docker\nStay updated: clawhub sync" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ivangdavila/docker", "publisherUrl": "https://clawhub.ai/ivangdavila/docker", "owner": "ivangdavila", "version": "1.0.4", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/docker", "downloadUrl": "https://openagent3.xyz/downloads/docker", "agentUrl": "https://openagent3.xyz/skills/docker/agent", "manifestUrl": "https://openagent3.xyz/skills/docker/agent.json", "briefUrl": "https://openagent3.xyz/skills/docker/agent.md" } }