Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
k8s-ops
v2.1.0
Kubernetes operations plugin — 32 tools for cluster management, monitoring, troubleshooting, and security auditing
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md, and the code all claim Kubernetes management and require kubectl/kubeconfig — that is coherent. However the package delegates all tool handlers to @k8s-ops/core (skillRegistry), which is not present in the published files; the plugin also exposes an SSH-related hosts config (password/privateKeyPath) not mentioned in the high-level requirements. These are plausible features for a K8s ops tool but increase the trust surface.
Instruction Scope
SKILL.md only instructs using kubectl and kubeconfig (default ~/.kube/config) which is expected. But the actual handlers are loaded from @k8s-ops/core (skillRegistry) — the SKILL.md does not include the implementation of those 32 tools. Because the runtime handlers are external, we cannot confirm they stay within the stated scope (they could read other files, make network calls, or transmit cluster/SSH credentials).
Install Mechanism
No install spec (instruction-only) reduces install-time risk. However package.json depends on "@k8s-ops/core": "workspace:*" which indicates the real logic lives in a workspace package that is not included here; this unresolved dependency is a supply-chain risk (the core package determines runtime behavior).
Credentials
The skill declares no required env vars but expects a kubeconfig (defaults to ~/.kube/config) and offers optional SSH credentials/privateKeyPath in its config schema. Reading the user's kubeconfig and optionally SSH private keys accesses very sensitive secrets. Those credential accesses are not declared as required environment/config paths in the metadata — a mismatch that increases risk.
Persistence & Privilege
always is false and there is no indication the plugin demands permanent privileged presence or modifies other skills. It registers tools and runs when invoked. Autonomous invocation is allowed by platform default; that combination is not by itself flagged.
What to consider before installing
This plugin claims to be a Kubernetes toolbox and that part is plausible, but the actual tool implementations are imported from @k8s-ops/core which is not included or linked to a homepage — you cannot audit the code that will run. The plugin will read your kubeconfig (~/.kube/config) and can accept SSH credentials (password or privateKeyPath) via its config, which gives it access to sensitive cluster and host credentials. Before installing:
1) ask the publisher for the source/homepage and the full @k8s-ops/core package so you can review the handlers;
2) avoid supplying real kubeconfigs or private keys until you audit the code;
3) run the plugin in an isolated environment or with least-privilege kubeconfig (read-only, limited namespaces) if you must test;
4) prefer plugins with transparent provenance (public repo, reproducible builds).
If the author cannot provide the core package/source, treat this as untrusted.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: kubectl
