Disclosure: I work for Scalock, the company behind Peekr.

How does Peekr work, in a technical sense?

Peekr downloads the image you select (container:tag), opens it up and scans it to find known vulnerabilities (from a database of millions of vulnerabilities), then runs the container in isolation trying to detect any behaviour which can be considered malicious or dangerous, such as fork bombing for example.