kubeasz-deploy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Kubernetes deployment guide, but it contains powerful admin commands that users should review before running.

Install only if you want the agent to help administer real Kubernetes/Linux nodes. Review every command before execution, use dedicated and revocable SSH keys, avoid disabling firewalls outside isolated test networks, verify downloaded scripts and manifests, and do not use cluster-admin Dashboard tokens or destroy/redeploy steps on production clusters without backups and an explicit maintenance plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (12)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly states that the AI may generate or modify configuration files and execute deployment commands, but it does not disclose that these actions can change the host system or require explicit user confirmation before making changes. In an infrastructure-deployment context, this can lead to unintended system modification, cluster misconfiguration, or execution of privileged operations without sufficiently informed consent.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
This section provides commands that install software, alter daemon configuration, start services, and write to privileged paths such as /etc/docker/daemon.json, but it does not clearly warn users that these are root-level system modifications with rollback and compatibility risks. In a deployment guide this is likely instructional rather than malicious, but the lack of explicit safety guidance can lead to unsafe execution on production hosts.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The guide explicitly recommends disabling firewalld/ufw in test environments and opening broad Kubernetes-related ports without explaining the resulting exposure, source IP restrictions, or segmentation requirements. This meaningfully increases attack surface on cluster nodes and is especially risky because Kubernetes control-plane and NodePort services are common targets.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The guide documents `ezctl destroy default` as a normal operational step but does not clearly warn that it irreversibly deletes the deployed cluster environment and can cause service interruption and data loss. In an infrastructure deployment guide, destructive commands are expected, but omitting an explicit caution materially increases the risk of accidental misuse by beginners.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
This troubleshooting flow recommends full cleanup, reboot, and redeploy without clearly stating that the procedure is destructive and may remove workloads, configuration, and persisted state. Because the skill targets K8s beginners, the missing warning is more dangerous: inexperienced users may execute the sequence on a system they did not intend to wipe.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The cleanup section again provides cluster destruction and reboot steps without a prominent warning about irreversibility, downtime, or possible data loss. In a quickstart guide for an all-in-one cluster this is operationally relevant, but the lack of guardrails still creates a real risk of accidental environment removal.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The guide instructs users to set up passwordless SSH across all cluster nodes, including copying keys to every host, but does not warn that this grants persistent administrative remote access from the deployment node. If the private key or deployment host is compromised, an attacker can laterally access the full cluster infrastructure and potentially take over Kubernetes control-plane and worker nodes.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The document includes node drain and deletion commands that can disrupt workloads, evict pods, and affect stateful services, but it does not clearly warn about service interruption, quorum risks, or possible data loss. In a production deployment guide, presenting these commands without explicit safeguards increases the chance of operators running destructive actions on live clusters.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The guide includes destructive deletion commands such as deleting all resources in a namespace without an explicit nearby warning about irreversible workload impact. In a post-deployment operations guide, users may copy-paste commands directly, so insufficient caution can lead to accidental service disruption or data loss.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document instructs users to delete an entire namespace, which recursively removes all resources inside it, but does not present a strong warning at the point of use. In Kubernetes, this can erase deployments, services, secrets, configmaps, and potentially disrupt production systems if the wrong namespace is targeted.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The guide creates a Dashboard ServiceAccount bound to the cluster-admin role and instructs the user to generate an access token, effectively granting full cluster control through a web UI credential. If the token is exposed through shell history, screenshots, logs, clipboard leakage, or shared terminals, an attacker can obtain complete administrative access to the Kubernetes cluster.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The document recommends a full cluster destroy and redeploy as a troubleshooting step without an explicit warning that this is destructive and can cause data loss, downtime, and configuration loss. In an ops guide for beginners, this is risky because users may execute it under stress and irreversibly disrupt production workloads.

VirusTotal

65/65 vendors flagged this skill as clean.