.agent/skills/resolve-docker-vulnerabilities/SKILL.md
Skill to resolve Docker vulnerabilities for the firebase-cli image. Use this skill when you need to check for vulnerabilities in the firebase-cli Docker image and address them.
npx skillsauth add firebase/firebase-tools resolve-docker-vulnerabilities
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status.
This skill guides you through the process of listing images, checking for vulnerabilities, planning remediation, and verifying the fixes by publishing to a staging repository.
Run the build on fir-tools-builds and publish to the staging repository in firebase-cli to see the baseline vulnerabilities after the build's own updates.
./scripts/publish/firebase-docker-image/run.sh --build-project fir-tools-builds --repo staging --target firebase-cli
Check the vulnerability reports for the image just pushed to staging. You will need to find the digest of the image first.
gcloud artifacts docker images list us-docker.pkg.dev/firebase-cli/staging/firebase
Then check vulnerabilities using the digest:
gcloud artifacts vulnerabilities list us-docker.pkg.dev/firebase-cli/staging/firebase@sha256:<DIGEST>
To investigate which layers and file paths are causing the vulnerabilities, run the command with --format=json:
gcloud artifacts vulnerabilities list us-docker.pkg.dev/firebase-cli/staging/firebase@sha256:<DIGEST> --format=json
Look for fileLocation and layerDetails in the output to understand if the vulnerability is in:
- /usr/local/node_packages/node_modules: Recommend updating the package.json and running the build again. You can use overrides as needed here to upgrade transitive dependencies to non-breaking versions.
- /usr/local/lib/node_modules/npm: Recommend waiting for upstream fixes (which will be pulled in as soon as they are available).
- /root/.cache/firebase/emulators: Recommend raising these issues to the team owning the emulator.
For each vulnerable package identified:
Present the proposed plan to the user for approval before making changes.
After making changes to the Dockerfile or related files, repeat Step 1 and Step 2 to publish a new staged image and verify that the vulnerabilities have been resolved.
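The triage described in the steps above, as an added example that is not part of the skill or of the firebase-tools project: it walks the --format=json report for fileLocation entries at any depth and groups the file paths by the three locations listed. The filePath field name, the JSON nesting, the action labels and the sample report are assumptions constructed for illustration.

```python
import json

# Path prefixes come from the skill text; the action names are labels
# invented for this example to summarise each recommendation.
RULES = [
    ("/usr/local/node_packages/node_modules", "update-package-json"),
    ("/usr/local/lib/node_modules/npm", "wait-for-upstream"),
    ("/root/.cache/firebase/emulators", "raise-with-emulator-owners"),
]

def file_locations(node):
    """Yield every entry stored under a 'fileLocation' key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "fileLocation":
                yield from (value if isinstance(value, list) else [value])
            else:
                yield from file_locations(value)
    elif isinstance(node, list):
        for item in node:
            yield from file_locations(item)

def classify(path):
    """Match on whole path components so look-alike directories do not match."""
    for prefix, action in RULES:
        if path == prefix or path.startswith(prefix + "/"):
            return action
    return "unclassified"

def triage(report_json):
    """Group vulnerable file paths by recommended action."""
    groups = {}
    for loc in file_locations(json.loads(report_json)):
        path = loc.get("filePath", "") if isinstance(loc, dict) else str(loc)
        groups.setdefault(classify(path), set()).add(path)
    return {action: sorted(paths) for action, paths in groups.items()}

# Constructed sample, not real scanner output; field nesting is assumed.
SAMPLE = json.dumps([{"vulnerability": {"packageIssue": [{"fileLocation": [
    {"filePath": p, "layerDetails": {"index": i}}]}]}} for i, p in enumerate([
    "/usr/local/node_packages/node_modules/pkg-a/package.json",
    "/usr/local/lib/node_modules/npm/node_modules/pkg-b/package.json",
    "/root/.cache/firebase/emulators/emulator-x.jar",
    "/usr/local/node_packages/node_modules_old/pkg-c/package.json"])])

if __name__ == "__main__":
    for action, paths in triage(SAMPLE).items():
        print(action, paths)
```

Paths that fall under none of the three locations are reported as unclassified rather than being forced into a category, so they can be reviewed by hand.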