kubectl
PassAudited by ClawScan on May 10, 2026.
Overview
This is a coherent kubectl helper skill, but it can use your Kubernetes credentials to make real changes to whatever cluster context is active.
Install only if you want the agent to help operate Kubernetes clusters. Before running commands, check the active kubectl context and namespace, use least-privilege credentials, prefer dry-runs for changes, and require explicit confirmation for production, delete, drain, exec, or rollout operations.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in the wrong context, the agent could act with your Kubernetes account’s permissions.
The skill relies on local Kubernetes credentials. This is expected for kubectl, but those credentials may grant access to production clusters or sensitive namespaces.
**kubeconfig** file configured with cluster credentials (default: `~/.kube/config`)
Before using the skill, verify `kubectl config current-context`, prefer least-privilege kubeconfig contexts, and avoid granting cluster-admin access unless necessary.
Commands such as apply, patch, scale, delete, or drain can change or disrupt live Kubernetes resources.
The skill documents mutation-capable kubectl operations. These are central to the stated purpose, but they can affect running workloads and cluster availability.
**Deploy & Update** — Create, apply, patch, and update Kubernetes resources ... **Perform Operations** — Scale deployments, drain nodes, manage taints and labels
Use dry-run where available, specify namespace and context explicitly, and require explicit user approval for destructive or production-impacting commands.
Users may not get an upfront platform warning that the skill depends on kubectl and local cluster credentials.
The registry metadata under-declares the kubectl binary and kubeconfig dependency that the README and SKILL.md describe. This is not hidden in the documentation, but automated installation checks may not surface the requirement.
Required binaries (all must exist): none ... Primary credential: none ... Required config paths: none
Treat the documented prerequisites as authoritative and consider updating metadata to declare kubectl and kubeconfig requirements.