Kubernetes 301363

Security checks across malware telemetry and agentic risk

Overview

This is a simple Kubernetes learning-note skill with overly broad triggers but no executable code or sensitive access.

Install only if you are comfortable with it being selected for general Kubernetes-related prompts. Expect lightweight, auto-merged learning notes rather than a precise operational Kubernetes assistant; review any external video links yourself before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger conditions include extremely generic phrases like "Kubernetes" and "用户需要Kubernetes相关帮助", which can activate the skill during ordinary discussion rather than an explicit user request to invoke it. In an agent setting, broad activation increases the chance of unintended prompt/context injection, irrelevant behavior, or accidental takeover of normal conversations about Kubernetes.

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest trigger string is a long set of generic topic words and marketing phrases rather than a precise activation token. This makes reliable activation ambiguous and can cause the skill to be selected for unrelated or loosely related user input, expanding the attack surface for misrouting and unwanted instruction influence.

Vague Triggers

Medium
Confidence: 92%
Finding
This repeated trigger block again relies on broad topical matching, including the skill name and a course title, without requiring explicit opt-in. Repetition of underspecified triggers increases the probability of accidental activation and makes routing behavior harder to reason about or secure.

Vague Triggers

Medium
Confidence: 92%
Finding
The duplicate trigger section preserves the same broad matching behavior and lacks constraints on when the skill should not run. Such broad routing is risky because any normal conversation about Kubernetes learning material may invoke the skill unexpectedly, potentially overriding safer default handling.

Vague Triggers

Medium
Confidence: 92%
Finding
The final trigger block still uses generic phrases related to the topic instead of a narrow invocation condition. Because the file contains multiple broad trigger areas, the overall routing posture is weak and increases the likelihood that the skill will activate in benign conversations where it was not intended.

VirusTotal

64/64 vendors flagged this skill as clean.
