kubectl
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: kubectl Version: 1.0.0 The skill bundle is classified as suspicious due to the inherent high-risk capabilities of the `kubectl` command-line tool, which it fully exposes. While the code and documentation (SKILL.md, references/REFERENCE.md, and scripts/*.sh) are transparent and align with the stated purpose of Kubernetes cluster management, they enable powerful actions such as arbitrary command execution within pods (`kubectl exec`), viewing sensitive cluster configurations (`kubectl config view`), and transferring files to/from pods (`kubectl cp`). These capabilities, though plausibly needed for the skill's function, grant broad access and control over a Kubernetes cluster, posing a significant risk if the agent or user is compromised, even without explicit evidence of intentional malicious behavior like data exfiltration to external endpoints or prompt injection attempts to subvert the agent's core directives.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in the wrong context, the agent could act with your Kubernetes account’s permissions.
The skill relies on local Kubernetes credentials. This is expected for kubectl, but those credentials may grant access to production clusters or sensitive namespaces.
**kubeconfig** file configured with cluster credentials (default: `~/.kube/config`)
Before using the skill, verify `kubectl config current-context`, prefer least-privilege kubeconfig contexts, and avoid granting cluster-admin access unless necessary.
Commands such as apply, patch, scale, delete, or drain can change or disrupt live Kubernetes resources.
The skill documents mutation-capable kubectl operations. These are central to the stated purpose, but they can affect running workloads and cluster availability.
**Deploy & Update** — Create, apply, patch, and update Kubernetes resources ... **Perform Operations** — Scale deployments, drain nodes, manage taints and labels
Use dry-run where available, specify namespace and context explicitly, and require explicit user approval for destructive or production-impacting commands.
Users may not get an upfront platform warning that the skill depends on kubectl and local cluster credentials.
The registry metadata under-declares the kubectl binary and kubeconfig dependency that the README and SKILL.md describe. This is not hidden in the documentation, but automated installation checks may not surface the requirement.
Required binaries (all must exist): none ... Primary credential: none ... Required config paths: none
Treat the documented prerequisites as authoritative and consider updating metadata to declare kubectl and kubeconfig requirements.