K8s Cost Optimizer
Pass
Audited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill
Name: k8s-cost-optimizer
Version: 1.0.0
The k8s-cost-optimizer skill bundle is a comprehensive set of instructions for an AI agent to perform Kubernetes FinOps audits. It outlines legitimate data collection methods (kubectl, Prometheus, cloud billing APIs) and provides detailed logic for identifying cost-saving opportunities like overprovisioned resources, idle workloads, and spot instance migration. The instructions include explicit safety constraints and staged rollout plans to prevent service disruption, and there is no evidence of malicious intent, data exfiltration, or unauthorized execution in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with broad credentials, the agent may see production cluster structure, workload metadata, usage patterns, and billing details.
The skill expects cluster-wide Kubernetes inventory and cloud billing data. That access is purpose-aligned for cost optimization, but it can expose sensitive infrastructure and financial information.
The agent collects from four sources ... `kubectl get all,pvc,svc -A -o json` ... AWS Cost Explorer, GCP billing export, Azure Cost Management
Use read-only Kubernetes and cloud billing roles where possible, confirm the active kube context/cloud account, or provide redacted exports instead of broad live credentials.
Applying generated patches or scale commands without review could reduce resources, stop workloads, or disrupt service.
The skill may produce ready-to-apply Kubernetes changes. This is aligned with cost optimization, but applying those commands can mutate production workloads.
The agent produces ... per-recommendation YAML patches or commands ... Action: scale to zero ... `kubectl scale --replicas=0`
Treat generated YAML and commands as proposals. Require human approval, use dry-run/diff workflows, stage changes gradually, and keep rollback plans.
A mistaken recommendation or an unreviewed change could propagate into production outages, degraded performance, or data migration risk.
The instructions acknowledge that resource right-sizing and storage migration can cause OOM kills or downtime if applied incorrectly.
patch container.resources.requests.memory down ... NOTE: never set requests below working-set-p99 — OOMKills kill the savings ... snapshot migration ... Plan downtime
Validate metrics windows, test in non-production or canary deployments, schedule risky storage changes during maintenance windows, and monitor after rollout.
