SkillDiff
← Back to browse

container-validator

Dockerfile best practices, Kubernetes manifest validation, container security

By Skill Diff (@skill-diff)

Published Jan 19, 2026Updated Jan 20, 20261 views0 upvotesclaudeContainer SecurityDevOpsDockerKubernetesSource
Loading attachments…

Install to GitHub

Create a pull request that installs this skill under .codex/skills/….

SkillDiff never pushes directly to your default branch — everything happens via PR.

Sign in to connect GitHub and create an install PR.

Container Validator Skill

Purpose

The Container Validator Skill validates Docker containers and Kubernetes manifests against best practices, security standards, and compliance requirements. It ensures containers are production-ready, secure, and optimized.

Key Capabilities:

  • Dockerfile best practice validation
  • Kubernetes manifest validation
  • Container security scanning
  • Resource limit verification
  • Image optimization recommendations
  • CIS Docker Benchmark compliance

Target Token Savings: 75% (from ~2400 tokens to ~600 tokens)

When to Use

  • Building Docker images
  • Deploying to Kubernetes
  • Security audits
  • CI/CD pipelines
  • Production deployments
  • Compliance checks

Operations

1. validate-dockerfile

Validates Dockerfile against best practices.

2. validate-k8s

Validates Kubernetes manifests.

3. validate-compose

Validates docker-compose.yml files.

4. validate-all

Comprehensive container validation.

Scripts

# Validate Dockerfile
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-dockerfile \
  --file Dockerfile

# Validate Kubernetes manifests
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-k8s \
  --dir ./k8s

# Validate docker-compose
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-compose \
  --file docker-compose.yml

# Comprehensive validation
python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-all \
  --dir .

Configuration

{
  "container-validator": {
    "dockerfile": {
      "require_user": true,
      "require_healthcheck": true,
      "max_layers": 20,
      "scan_security": true
    },
    "kubernetes": {
      "require_resources": true,
      "require_liveness_probe": true,
      "require_readiness_probe": true,
      "scan_rbac": true
    },
    "security": {
      "allow_privileged": false,
      "require_read_only_root": true,
      "scan_vulnerabilities": true
    }
  }
}

Examples

Example 1: Validate Dockerfile

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-dockerfile \
  --file Dockerfile

Output:

{
  "success": true,
  "operation": "validate-dockerfile",
  "issues": [
    {
      "line": 15,
      "severity": "critical",
      "type": "root_user",
      "description": "Container runs as root",
      "recommendation": "Add: USER nonroot"
    },
    {
      "line": 8,
      "severity": "medium",
      "type": "no_healthcheck",
      "description": "Missing HEALTHCHECK instruction",
      "recommendation": "Add: HEALTHCHECK CMD curl -f http://localhost/ || exit 1"
    }
  ],
  "execution_time_ms": 45
}

Example 2: Validate Kubernetes Manifests

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-k8s \
  --dir ./k8s

Output:

{
  "success": true,
  "operation": "validate-k8s",
  "files_validated": 5,
  "issues": [
    {
      "file": "deployment.yaml",
      "severity": "high",
      "type": "missing_resources",
      "description": "Container missing resource limits",
      "recommendation": "Add resources.limits.memory and resources.limits.cpu"
    },
    {
      "file": "deployment.yaml",
      "severity": "medium",
      "type": "missing_probe",
      "description": "Missing livenessProbe",
      "recommendation": "Add livenessProbe to container spec"
    }
  ],
  "execution_time_ms": 123
}

Example 3: Validate Docker Compose

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-compose \
  --file docker-compose.yml

Output:

{
  "success": true,
  "operation": "validate-compose",
  "services": 3,
  "issues": [
    {
      "service": "web",
      "severity": "high",
      "type": "exposed_port",
      "description": "Port exposed without security configuration",
      "recommendation": "Use internal network or add authentication"
    }
  ],
  "execution_time_ms": 67
}

Example 4: Comprehensive Validation

python ~/.claude/skills/container-validator/scripts/main.py \
  --operation validate-all \
  --dir .

Output:

{
  "success": true,
  "operation": "validate-all",
  "summary": {
    "dockerfiles": 2,
    "k8s_manifests": 5,
    "compose_files": 1,
    "total_issues": 8,
    "critical": 1,
    "high": 3,
    "medium": 4
  },
  "execution_time_ms": 234
}

Token Economics

Without Skill: ~2400 tokens With Skill: ~600 tokens (75% savings)

Success Metrics

  • Execution time: <100ms for Dockerfile validation
  • Accuracy: >98% issue detection
  • False positive rate: <3%

Container Validator Skill v1.0.0 - Ensuring container best practices

Comments

Loading comments…
Loading comments…