Back to skill

Security audit

kubectl

Security checks across malware telemetry and agentic risk

Overview

This kubectl skill is transparent and purpose-aligned, but it exposes high-impact Kubernetes operations without enough scoping or safety guidance.

Install only if you intentionally want an agent to help operate Kubernetes clusters and you trust the environment where it will run. Use a least-privilege kubeconfig, avoid production contexts by default, verify context and namespace before every command, require explicit approval for write, delete, exec, cp, drain, scale, rollout, taint, and credential commands, and never paste live tokens into chat or recorded command logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill enables network-capable operations against a live Kubernetes API via kubectl but does not declare permissions or capability boundaries. That omission can cause an agent or platform to invoke cluster-affecting actions without clear authorization or user awareness, increasing the risk of unintended infrastructure changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The overview advertises operationally destructive capabilities such as apply, patch, scale, drain, taint, and label changes without an explicit warning that these can disrupt workloads or cluster availability. In an agent skill, presenting these as normal operations without guardrails makes accidental production impact more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The maintenance example includes kubectl drain, which evicts pods and can interrupt workloads, but it is shown without a warning about service impact, PodDisruptionBudgets, local data loss, or the need to verify the node and environment first. Examples in skills are often copied verbatim, so unsafe destructive examples materially increase operational risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reference includes credential management commands such as kubectl config set-credentials USER --token=TOKEN without warning that tokens are sensitive secrets that may be exposed through shell history, logs, transcripts, or copied kubeconfig files. In an agent skill context, this is more dangerous because an LLM-driven tool may encourage users to paste live tokens directly into commands, increasing the chance of credential leakage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.