Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

nixopus/dockerfile-generation

Name: dockerfile-generation
Author: nixopus

skills/dockerfile-generation/SKILL.md

npx skillsauth add nixopus/agent dockerfile-generation

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Dockerfile Generation

Generate production Dockerfiles using multi-stage builds. Always optimize for small image size, layer caching, and security.

General rules

Always use multi-stage builds (builder + runtime)
Pin base image versions (e.g. node:20-alpine, not node:latest)
Use Alpine or slim variants for runtime
Copy dependency files first, install, then copy source (layer caching)
Run as non-root user in production
Set NODE_ENV=production or equivalent
Include EXPOSE directive for the detected port
Use .dockerignore to exclude node_modules, .git, dist, __pycache__

Node.js

FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:20-alpine
WORKDIR /app
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/package*.json ./
RUN npm ci --omit=dev
COPY --from=builder /app/dist ./dist
USER app
EXPOSE 3000
CMD ["node", "dist/index.js"]

Variations:

Next.js: Use output: 'standalone' in next.config.js. Copy .next/standalone and .next/static.
Vite/CRA (static): Build in Node, serve with nginx:alpine. Copy dist/ or build/ to /usr/share/nginx/html.
pnpm: Replace npm ci with corepack enable && pnpm install --frozen-lockfile.
yarn: Replace npm ci with yarn install --frozen-lockfile.
Bun: Use oven/bun:1-alpine as base.

Go

FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o /app/server ./cmd/server

FROM alpine:3.19
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/server /server
USER app
EXPOSE 8080
CMD ["/server"]

Use scratch instead of alpine if the binary has no external dependencies and doesn't need a shell.

Python

FROM python:3.12-slim AS builder
WORKDIR /app
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

FROM python:3.12-slim
WORKDIR /app
RUN useradd -r -s /bin/false app
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin
COPY . .
USER app
EXPOSE 8000
CMD ["gunicorn", "app:app", "--bind", "0.0.0.0:8000"]

Variations:

FastAPI: CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
Django: CMD ["gunicorn", "project.wsgi:application", "--bind", "0.0.0.0:8000"]
Poetry: Copy pyproject.toml and poetry.lock, use poetry install --no-dev.

Rust

FROM rust:1.77-alpine AS builder
WORKDIR /app
RUN apk add musl-dev
COPY Cargo.toml Cargo.lock ./
RUN mkdir src && echo "fn main() {}" > src/main.rs
RUN cargo build --release
COPY src ./src
RUN touch src/main.rs && cargo build --release

FROM alpine:3.19
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/target/release/<binary_name> /app
USER app
EXPOSE 8080
CMD ["/app"]

Java (Maven)

FROM maven:3.9-eclipse-temurin-21 AS builder
WORKDIR /app
COPY pom.xml ./
RUN mvn dependency:go-offline
COPY src ./src
RUN mvn package -DskipTests

FROM eclipse-temurin:21-jre-alpine
WORKDIR /app
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/target/*.jar app.jar
USER app
EXPOSE 8080
CMD ["java", "-jar", "app.jar"]

Static sites (nginx)

For any frontend that produces a dist/ or build/ directory:

FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

Checklist before generating

Read the manifest file to confirm ecosystem and framework
Check for existing .dockerignore — if missing, generate one
Detect the actual build output directory (may not be dist/)
Detect the actual start command from scripts.start or framework defaults
Detect the correct port from code or config
Check if the app needs build-time env vars (e.g. NEXT_PUBLIC_*)

Related Skills

deployment-analysis — Run first to determine the ecosystem, framework, port, and build commands before generating a Dockerfile
env-detection — Identify build-time vs runtime env vars that need ARG/ENV directives in the Dockerfile
compose-setup — If the app needs a database or other services alongside the Dockerfile

nixopus/dockerfile-generation

skills/dockerfile-generation/SKILL.md

Generate production-ready multi-stage Dockerfiles per ecosystem with best practices. Use when the user needs a Dockerfile, asks about containerization, or when no Dockerfile exists in the repository.

1 stars

devops

Updated Apr 22, 2026

$ install --global

skillsauth

npx skillsauth add nixopus/agent dockerfile-generation

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 22, 2026, 11:53 PM185.9s1 file scanned

SKILL.md

name:: dockerfile-generation
description:: Generate production-ready multi-stage Dockerfiles per ecosystem with best practices. Use when the user needs a Dockerfile, asks about containerization, or when no Dockerfile exists in the repository.
version:: 1.0

Dockerfile Generation

Generate production Dockerfiles using multi-stage builds. Always optimize for small image size, layer caching, and security.

General rules

Always use multi-stage builds (builder + runtime)
Pin base image versions (e.g. node:20-alpine, not node:latest)
Use Alpine or slim variants for runtime
Copy dependency files first, install, then copy source (layer caching)
Run as non-root user in production
Set NODE_ENV=production or equivalent
Include EXPOSE directive for the detected port
Use .dockerignore to exclude node_modules, .git, dist, __pycache__

Node.js

FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:20-alpine
WORKDIR /app
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/package*.json ./
RUN npm ci --omit=dev
COPY --from=builder /app/dist ./dist
USER app
EXPOSE 3000
CMD ["node", "dist/index.js"]

Variations:

Next.js: Use output: 'standalone' in next.config.js. Copy .next/standalone and .next/static.
Vite/CRA (static): Build in Node, serve with nginx:alpine. Copy dist/ or build/ to /usr/share/nginx/html.
pnpm: Replace npm ci with corepack enable && pnpm install --frozen-lockfile.
yarn: Replace npm ci with yarn install --frozen-lockfile.
Bun: Use oven/bun:1-alpine as base.

Go

FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o /app/server ./cmd/server

FROM alpine:3.19
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/server /server
USER app
EXPOSE 8080
CMD ["/server"]

Use scratch instead of alpine if the binary has no external dependencies and doesn't need a shell.

Python

FROM python:3.12-slim AS builder
WORKDIR /app
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt

FROM python:3.12-slim
WORKDIR /app
RUN useradd -r -s /bin/false app
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin
COPY . .
USER app
EXPOSE 8000
CMD ["gunicorn", "app:app", "--bind", "0.0.0.0:8000"]

Variations:

FastAPI: CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
Django: CMD ["gunicorn", "project.wsgi:application", "--bind", "0.0.0.0:8000"]
Poetry: Copy pyproject.toml and poetry.lock, use poetry install --no-dev.

Rust

FROM rust:1.77-alpine AS builder
WORKDIR /app
RUN apk add musl-dev
COPY Cargo.toml Cargo.lock ./
RUN mkdir src && echo "fn main() {}" > src/main.rs
RUN cargo build --release
COPY src ./src
RUN touch src/main.rs && cargo build --release

FROM alpine:3.19
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/target/release/<binary_name> /app
USER app
EXPOSE 8080
CMD ["/app"]

Java (Maven)

FROM maven:3.9-eclipse-temurin-21 AS builder
WORKDIR /app
COPY pom.xml ./
RUN mvn dependency:go-offline
COPY src ./src
RUN mvn package -DskipTests

FROM eclipse-temurin:21-jre-alpine
WORKDIR /app
RUN addgroup -S app && adduser -S app -G app
COPY --from=builder /app/target/*.jar app.jar
USER app
EXPOSE 8080
CMD ["java", "-jar", "app.jar"]

Static sites (nginx)

For any frontend that produces a dist/ or build/ directory:

FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

Checklist before generating

Read the manifest file to confirm ecosystem and framework
Check for existing .dockerignore — if missing, generate one
Detect the actual build output directory (may not be dist/)
Detect the actual start command from scripts.start or framework defaults
Detect the correct port from code or config
Check if the app needs build-time env vars (e.g. NEXT_PUBLIC_*)

Related Skills

deployment-analysis — Run first to determine the ecosystem, framework, port, and build commands before generating a Dockerfile
env-detection — Identify build-time vs runtime env vars that need ARG/ENV directives in the Dockerfile
compose-setup — If the app needs a database or other services alongside the Dockerfile

Related Skills

nixopus/api-catalog

tools

VerifiedTrustedCommunity

Compressed catalog of all Nixopus API operations for the nixopus_api() tool

1SKILL.mdUpdated Apr 26, 2026

nixopus/static-deploy

development

VerifiedTrustedCommunity

Deploy static file sites — Caddy/nginx serving, Staticfile config, and Dockerfile patterns. Use when deploying a static HTML site with no server-side runtime, or when index.html or a Staticfile is detected at the project root.

1SKILL.mdUpdated Apr 22, 2026

nixopus/static-deploy

nixopus/shell-deploy

devops

VerifiedTrustedCommunity

Deploy shell script applications — interpreter detection, setup scripts, and Dockerfile patterns. Use when deploying a shell script project, or when start.sh is detected.

1SKILL.mdUpdated Apr 22, 2026

nixopus/self-heal

development

VerifiedTrustedCommunity

Self-healing loop for failed deployments — diagnose, fix, redeploy up to 3 attempts, then escalate or rollback. Load when a deployment fails or build errors occur.

1SKILL.mdUpdated Apr 22, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/nixopus/agent.git

# Copy into Claude Code skills folder (global)
cp -r agent/skills/dockerfile-generation ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

nixopus/agent

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT