K8s Yaml Connect

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Kubernetes helper, but it can affect real clusters and handle kubeconfig credentials, so users should operate it carefully.

Install only if you intend to let the agent use kubectl against your clusters. Run dry-runs first, confirm the current context and namespace, avoid production unless explicitly intended, review untrusted manifests before applying them, and store kubeconfig files with restrictive permissions such as mode 600.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings (Medium, 93% confidence)

Finding
The skill provides direct instructions to apply arbitrary Kubernetes YAML to the current cluster context, which can modify or disrupt live resources if the user is connected to production or a sensitive namespace. Although dry-run is mentioned earlier, the apply step lacks an explicit warning to confirm target cluster, namespace, and operational impact before making changes.

Missing User Warnings (Medium, 96% confidence)

Finding
The skill instructs users to write kubeconfig content to `/tmp` and export `KUBECONFIG` without warning that kubeconfig may contain cluster credentials, client certificates, tokens, or impersonation settings. This can expose sensitive material via insecure temporary storage and can silently switch the active cluster context, leading to accidental operations against the wrong environment.

VirusTotal

65/65 vendors flagged this skill as clean.