Skillv0.2.0

ClawScan security

Kubeblocks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 13, 2026, 10:57 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only KubeBlocks skill that is internally consistent with its stated purpose (provisioning and operating databases on Kubernetes) but the package metadata omits a couple of runtime requirements (kubectl/helm and kubeconfig) that the SKILL.md relies on.
Guidance: This skill appears to do exactly what it says: provide step-by-step guidance to install and operate KubeBlocks-managed databases on Kubernetes. Before you install or enable it, verify the following: 1) The SKILL.md requires kubectl, helm, and access to a kubeconfig — ensure any agent running this skill is given only the minimal Kubernetes credentials necessary (avoid cluster-admin if possible and prefer a least-privilege service account / namespace-scoped credentials). 2) Because the skill uses kubectl to read Secrets (database passwords) and run applies/deletes, only enable it in environments you trust (prefer a dev/test cluster for initial use). 3) Note the repository metadata does not list the runtime requirements (kubectl/helm/kubeconfig) — treat that as a metadata omission and ensure the agent environment meets the SKILL.md requirements. 4) Require explicit user confirmation before destructive operations (delete, wipeout, terminationPolicy changes) — the SKILL.md recommends this, but make sure your agent enforces it. If you need higher assurance, review the individual engine SKILL.md files for the exact kubectl/helm commands and dry-run patterns before granting the agent live cluster access.
Findings: [no-regex-findings] expected: Regex-based static scanner found nothing to analyze; this repo is instruction-only and contains many SKILL.md files (no executable code) so the scanner had no code to scan. Lack of findings is not evidence of safety, but is expected for an instruction-only skill.

Review Dimensions

Purpose & Capability: noteThe skill's name and description (manage DBs on Kubernetes with KubeBlocks) match the instructions and included engine-specific guides. However, the repository metadata declares no required binaries or config paths, while the SKILL.md frontmatter and content clearly require kubectl, helm and access to a kubeconfig (a Kubernetes cluster). This is a metadata omission/inconsistency, not a functional mismatch.
Instruction Scope: okAll runtime instructions (kubectl, helm, kubectl port-forward, kubectl exec, reading Kubernetes Secrets via kubectl get secret, dry-run then apply, watch resource status) are narrowly scoped to provisioning and operating KubeBlocks-managed database clusters. The instructions do not attempt to read unrelated host files or reach unusual external endpoints — only official docs, Helm charts, and cluster APIs are referenced.
Install Mechanism: okThis is instruction-only (no install spec, no code files to execute). The README suggests installing the skill repo via git clone or npx, which is common for skills; no arbitrary download URLs or binary installations are baked into the skill itself. Risk from installation is low, but installing the repo to an agent still involves pulling third-party content (standard GitHub workflow).
Credentials: noteThe skill does not declare required environment variables or credentials in the registry metadata, but the SKILL.md explicitly requires access to a Kubernetes cluster (kubeconfig) and will read cluster Secrets (e.g., database passwords). Requiring kubeconfig / cluster-admin level access is proportionate to the stated purpose, but the lack of declared config paths or a primary credential in the metadata is an omission that could mislead users about what permissions an agent will need.
Persistence & Privilege: okalways:false and default autonomous invocation settings are used. The skill does not request persistent presence or modify other skills. Note: autonomous invocation is the platform default — if you grant this skill access to a kubeconfig with broad privileges, the agent could make live changes to clusters; that is expected for a provisioning/ops skill but worth being cautious about.