Back to skill
Skillv1.0.0
ClawScan security
cluster-upgrade-planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 29, 2026, 2:01 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions match its stated goal (planning K8s upgrades) but the SKILL.md expects cluster-admin access and several CLI tools (kubectl, helm, python3, rg, etc.) while the skill metadata declares no required binaries, env vars, or config paths — an incoherence you should resolve before trusting it.
- Guidance
- This skill appears to do what it says (scan cluster state and build an upgrade runbook) but it implicitly requires cluster-admin access and several CLI tools (kubectl, helm, python3, rg, possibly etcdctl). The package metadata lists none of these requirements — that mismatch is the main red flag. Before installing or running: (1) Verify the skill will run only when you intentionally invoke it (don’t give it always:true). (2) Ensure the agent will use a kubeconfig with the minimum necessary privileges (prefer read-only audit credentials for planning; avoid giving broad write/admin creds unless you intend to run backups/changes). (3) Confirm the required binaries exist on the host (kubectl, helm, python3, ripgrep/rg, etcdctl if you will run snapshots). (4) Test the commands in a staging cluster first. If you cannot audit or restrict cluster credentials, treat this skill as higher-risk and avoid granting it access to production clusters.
Review Dimensions
- Purpose & Capability
- concernThe skill's purpose (Kubernetes upgrade planning) is consistent with the commands in SKILL.md, but the metadata declares no required binaries or config paths. The runtime instructions assume kubectl, helm, python3, ripgrep (rg), and optionally etcdctl and helm are present. They also implicitly require access to a kubeconfig or equivalent cluster admin credentials. The metadata should declare these requirements; their absence is an inconsistency.
- Instruction Scope
- noteInstructions are narrowly focused on cluster discovery, deprecated API detection, addon/version checks, and runbook generation. They perform wide-ranging cluster reads (kubectl get all -A, listing every resource via api-resources) and write local temporary files (/tmp/*) and recommend backups to /backup. There is no instruction to exfiltrate data externally, but the commands collect full cluster state (namespaces, manifests, images), which is sensitive and requires cluster-admin privileges.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only, which keeps install risk low (nothing is downloaded or written by the skill itself).
- Credentials
- concernThe skill does not declare any required environment variables or config paths, yet its instructions require access to cluster credentials (kubeconfig or in-cluster auth) and reference ETCDCTL_API in runbook snippets. It also relies on CLI tools (kubectl, helm, python3, rg, etc.). Requesting or implicitly using full cluster credentials is expected for this task, but the metadata should state this explicitly so users understand the privilege level required.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request persistent presence or system-wide configuration changes. The runbook includes commands that create backups (etcd snapshot) and write files, but the skill itself does not auto-enable or persist beyond invocation.