ClawHub

Helm Chart Builder

v2.1.1

Helm chart development agent skill and plugin for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw — chart scaffolding, values design, template patterns, dep...

0· 99·2 current·2 all-time
byAlireza Rezvani@alirezarezvani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, reference docs, and the two analysis scripts all align with a Helm chart scaffolding/review/security-audit skill. One inconsistency: the instructions and examples assume the presence of the helm binary and python3 (e.g., 'helm lint', 'helm template', 'python3 scripts/chart_analyzer.py'), but the registry metadata lists no required binaries. The skill should declare at least 'helm' and 'python3' (or equivalent) as required.
Instruction Scope
SKILL.md instructs the agent to read and analyze Helm chart directories, run local linters/templates, and produce reports — all within the expected scope. The instructions do not ask the agent to read unrelated system files, environment variables, or send data to external endpoints. They do instruct running local helm commands and the included Python scripts against user-provided chart directories, which is appropriate for the stated purpose.
Install Mechanism
No install spec is provided (instruction-only). The two Python scripts are bundled with the skill; nothing is downloaded from an external URL or installed automatically. This is a low-risk install footprint.
Credentials
The skill declares no environment variables or credentials, which matches its local static-analysis purpose. A minor caution: the bundled demo values in values_validator.py include example secrets (e.g., PASSWORD: supersecret123, api-key: sk-12345). Those are demo/test artifacts inside the skill, not requests for user secrets, but they could be noisy or confusing and should not be copied into real charts. No env vars are requested or accessed by the scripts in the visible code.
Persistence & Privilege
The skill does not request persistent/always-on privileges (always:false) and does not modify other skills or global agent config in the provided materials. It runs analyses on supplied chart directories only, which is appropriate.
Assessment
This package looks like a legitimate Helm chart scaffolding and analysis tool. Before installing or running it: 1) Ensure you have the expected binaries (helm and a Python 3 interpreter) available — the skill's metadata did not declare them but SKILL.md expects them. 2) Inspect the bundled scripts (already included) yourself; they perform local static analysis only and do not contact external services. 3) Note the demo values include example secret-like strings — do not copy those into production charts. 4) Run the tool in a sandbox or on non-sensitive sample charts first to confirm behavior. If you want stronger guarantees, ask the skill author to add required-binaries metadata and to remove demo secrets from example data.

Like a lobster shell, security has layers — review code before you run it.

latestvk977atsp5ph410x21dznj3wgx183887t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments