From docker-toolkit
Package an existing MCP server repo (Node/TypeScript, Python, or other) as a Docker image runnable through the Docker MCP Gateway, and validate the resulting Docker artifacts. Use when a user wants to containerize an MCP server currently run via npx/node/python entrypoints, register it in a Docker MCP catalog, wire up secrets and config, and run it via `docker mcp gateway`. Also use to review or validate an existing Dockerfile, docker-compose.yml, catalog entry, environment variable wiring, network setup, or resource limits for an MCP server container.
How this skill is triggered — by the user, by Claude, or both
Slash command
/docker-toolkit:dockerize-mcp-serverThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Goal: turn an MCP server that currently runs via a language-native entrypoint
Goal: turn an MCP server that currently runs via a language-native entrypoint (npx, node, python, etc.) into a container image that the Docker MCP Gateway can launch and broker stdio to.
references/dockerfile-templates.md
(Node/TypeScript and Python variants) and adapt it, applying the
multi-stage-dockerfile skill (bundled in this plugin) for the
builder/runtime split, base image pinning, non-root user, and layer
caching. MCP-specific requirements on top of that:
references/docker-mcp-gateway.md for the
full catalog schema and a worked example.docker mcp secret set <name> →
surfaced as an env var via the catalog's secrets: block.docker mcp profile config <profile> --set <name>=<value>) → templated
into an env var via {{...}} in the catalog's env: block.claude mcp add <name> -- docker mcp gateway run --profile <profile>.When asked to review or validate rather than create, check:
USER, no dev deps/build tools leaking into the runtime stage, and
an ENTRYPOINT that is the stdio process itself (not a shell wrapping other
commands that write to stdout).image:, no hardcoded secrets or URLs under environment:, and the
restart/network policy is intentional, not a leftover default.secrets: or env: entry in the catalog — flag
any var that would silently fall back to a default in production.EXPOSEd ports;
egress should be limited to what the API client actually calls — treat
--network=host or unrestricted egress as a smell to question.read_only, dropped
capabilities, or memory/CPU limits where the compose/catalog format
supports them; flag containers running as root or with --privileged
unless there's a specific reason.scripts/build-and-register.sh — a single command that builds the image,
registers the catalog, and sets secrets — is planned for a later version and
not yet implemented.
references/dockerfile-templates.md — ready-to-adapt multi-stage
Dockerfile templates (Node/TypeScript, Python) for stdio MCP servers.references/docker-mcp-gateway.md — full catalog YAML schema, the
secrets-vs-profile-config distinction, and gateway/profile CLI commands.multi-stage-dockerfile skill (this plugin) for general
Dockerfile best practices.Builds a throwaway prototype to answer a design question about UI appearance or state/logic behavior. Guides you through two branches: interactive terminal app for logic validation, or multiple UI variations for visual exploration.
npx claudepluginhub dotknewt/toolkits --plugin docker-toolkit