whow and there we have it......
"The tool requires Docker 1.6.2 or later runs as a container with high privileges in order to ascertain the security integrity of other Docker containers."
an inbuilt portal to attack the systems in other containers.