Claude Code Plugins

Community-maintained marketplace

Feedback

dockerfile-review

@mhalder/dotfiles
0
0

Review Dockerfiles for best practices, security, and optimization. Use when the user says "review Dockerfile", "optimize image", "Dockerfile best practices", "reduce image size", or asks to audit a container build.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name dockerfile-review
description Review Dockerfiles for best practices, security, and optimization. Use when the user says "review Dockerfile", "optimize image", "Dockerfile best practices", "reduce image size", or asks to audit a container build.
allowed-tools Read, Glob, Grep

Dockerfile Review

Audit Dockerfiles for security, efficiency, and best practices.

Instructions

  1. Read the Dockerfile
  2. Check for issues in each category below
  3. Report findings with severity (critical/warning/suggestion)
  4. Provide specific fixes with corrected code

Security checks

  • MUST flag USER root without switching back
  • MUST flag secrets in ENV, ARG, or COPY (API keys, passwords)
  • MUST flag apt-get install without --no-install-recommends
  • Flag missing USER directive (runs as root by default)
  • Flag COPY . . (may include secrets, .git, etc.)
  • Flag :latest tags (unpinned versions)
  • Flag curl | sh patterns

Optimization checks

  • Multi-stage builds for compiled languages
  • Layer ordering (least-changing first)
  • Combined RUN statements to reduce layers
  • Cache mounts for package managers: --mount=type=cache
  • .dockerignore file exists and covers .git, node_modules, etc.
  • apt-get clean && rm -rf /var/lib/apt/lists/* in same layer

Best practices

# Good: pinned, non-root, minimal
FROM python:3.11-slim@sha256:abc123...
WORKDIR /app
RUN useradd -r -s /bin/false appuser
COPY requirements.txt .
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install -r requirements.txt
COPY --chown=appuser:appuser . .
USER appuser
CMD ["python", "app.py"]

Output format

## Critical
- Line 5: Running as root without USER directive

## Warnings
- Line 12: Using :latest tag - pin to specific version

## Suggestions
- Line 8-10: Combine RUN statements to reduce layers

Rules

  • MUST read the Dockerfile before reviewing
  • MUST categorize issues by severity
  • Never approve Dockerfiles with hardcoded secrets
  • Always check for corresponding .dockerignore