Dockerfile Hardener is a skill that performs security audits on Dockerfile configurations, scanning for vulnerabilities, anti-patterns, and compliance issues across image selection, layer structure, secret handling, and runtime hardening parameters.
When an agent runs this skill against a Dockerfile, it produces a Security Audit Report listing findings from CRITICAL to LOW severity, each with line numbers and specific remediation steps. The skill also assigns a Hardening Score — a letter grade from A to F derived from a 100-point assessment — so the severity of the overall configuration is immediately clear. Beyond reporting, it outputs a fully refactored Dockerfile that applies multi-stage builds, non-root user settings, and BuildKit optimizations. Ready-to-use CI/CD configuration snippets for GitHub Actions and GitLab CI are also generated.
The skill follows OCI standards and works with standard Dockerfiles and OCI-compliant images. It integrates with linters such as Hadolint and covers ecosystems including Node.js, Python, Go, and Java using Alpine, Distroless, and Debian-slim base images.
This skill is appropriate when Dockerfile security review is part of a development or deployment workflow and the goal is to catch issues like unpinned dependencies, SUID binaries, or cache-busting anti-patterns that generic prompting tends to miss. It is not a runtime container scanner and does not inspect running containers or image layers already built and deployed.