K8s Cost Optimizer
Pass
Audited by ClawScan on May 3, 2026.
Overview
This is a coherent Kubernetes cost-audit skill, but it relies on cluster and cloud-billing data and can generate production-impacting recommendations that should be reviewed before use.
Before installing or using this skill, verify the full SKILL.md, use read-only Kubernetes and cloud billing access, and do not apply generated patches, scale/delete commands, PV migration steps, or savings-plan/reservation recommendations without normal change approval and rollback planning.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with broad credentials, the agent may see production cluster structure, workload metadata, usage patterns, and billing details.
The skill expects cluster-wide Kubernetes inventory and cloud billing data. That access is purpose-aligned for cost optimization, but it can expose sensitive infrastructure and financial information.
The agent collects from four sources ... `kubectl get all,pvc,svc -A -o json` ... AWS Cost Explorer, GCP billing export, Azure Cost Management
Use read-only Kubernetes and cloud billing roles where possible, confirm the active kube context/cloud account, or provide redacted exports instead of broad live credentials.
Applying generated patches or scale commands without review could reduce resources, stop workloads, or disrupt service.
The skill may produce ready-to-apply Kubernetes changes. This is aligned with cost optimization, but applying those commands can mutate production workloads.
The agent produces ... per-recommendation YAML patches or commands ... Action: scale to zero ... `kubectl scale --replicas=0`
Treat generated YAML and commands as proposals. Require human approval, use dry-run/diff workflows, stage changes gradually, and keep rollback plans.
A mistaken recommendation or an unreviewed change could propagate into production outages, degraded performance, or data migration risk.
The instructions acknowledge that resource right-sizing and storage migration can cause OOM kills or downtime if applied incorrectly.
patch container.resources.requests.memory down ... NOTE: never set requests below working-set-p99 — OOMKills kill the savings ... snapshot migration ... Plan downtime
Validate metrics windows, test in non-production or canary deployments, schedule risky storage changes during maintenance windows, and monitor after rollout.
