Kubernetes DevOps Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Kubernetes operations toolkit, but users should treat it as having access to live cluster credentials and logs.

Install this only in environments where the agent is allowed to use the selected Kubernetes credentials. Prefer a restricted kubeconfig/RBAC role, test against non-production clusters first, verify the active context and namespace before Helm or deployment actions, and use pinned or locked dependencies in stricter environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The README demonstrates deployment creation and other cluster-modifying operations without any warning that these actions affect live Kubernetes resources and may target the current or production context. In a DevOps toolkit, this increases the chance of accidental changes, outages, or deployment to the wrong cluster, especially when users follow quick-start examples verbatim.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The Helm examples cover install, upgrade, and rollback, all of which can disrupt services, change configuration, or trigger production incidents, but the README provides no warning about these operational risks. Because Helm commonly targets active clusters, the omission of cautionary guidance makes accidental service impact more likely in this skill context.

Missing User Warnings
Severity: Medium
Confidence: 86%
Finding: The diagnostics routine automatically returns a logs preview for the target pod, which may contain secrets, tokens, PII, internal URLs, stack traces, or other sensitive operational data. In a reusable agent skill context, this increases the chance of inadvertent data disclosure because callers may receive log contents without an explicit consent step, warning, or redaction control.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  # Kubernetes DevOps Toolkit - Dependencies

  # Kubernetes Client
  kubernetes>=28.1.0

  # YAML Processing
  PyYAML>=6.0.1
Confidence: 96%
Finding: kubernetes>=28.1.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  kubernetes>=28.1.0

  # YAML Processing
  PyYAML>=6.0.1

  # CLI Interface
  click>=8.1.0
Confidence: 98%
Finding: PyYAML>=6.0.1

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  PyYAML>=6.0.1

  # CLI Interface
  click>=8.1.0
  rich>=13.5.0

  # HTTP Client
Confidence: 91%
Finding: click>=8.1.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  # CLI Interface
  click>=8.1.0
  rich>=13.5.0

  # HTTP Client
  requests>=2.31.0
Confidence: 91%
Finding: rich>=13.5.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  rich>=13.5.0

  # HTTP Client
  requests>=2.31.0

  # Async Support
  aiohttp>=3.8.0
Confidence: 98%
Finding: requests>=2.31.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  requests>=2.31.0

  # Async Support
  aiohttp>=3.8.0

  # Testing
  pytest>=7.4.0
Confidence: 97%
Finding: aiohttp>=3.8.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  aiohttp>=3.8.0

  # Testing
  pytest>=7.4.0
  pytest-asyncio>=0.21.0
  pytest-cov>=4.1.0
Confidence: 85%
Finding: pytest>=7.4.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  # Testing
  pytest>=7.4.0
  pytest-asyncio>=0.21.0
  pytest-cov>=4.1.0

  # Utilities
Confidence: 84%
Finding: pytest-asyncio>=0.21.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  # Testing
  pytest>=7.4.0
  pytest-asyncio>=0.21.0
  pytest-cov>=4.1.0

  # Utilities
  tabulate>=0.9.0
Confidence: 84%
Finding: pytest-cov>=4.1.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  pytest-cov>=4.1.0

  # Utilities
  tabulate>=0.9.0
  python-dateutil>=2.8.0
Confidence: 90%
Finding: tabulate>=0.9.0

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
  # Utilities
  tabulate>=0.9.0
  python-dateutil>=2.8.0
Confidence: 90%
Finding: python-dateutil>=2.8.0

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more
Severity: High
Category: Supply Chain
Confidence: 77%
Finding: requests

Known Vulnerable Dependency: aiohttp — 10 advisories: CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more
Severity: High
Category: Supply Chain
Confidence: 74%
Finding: aiohttp

Known Vulnerable Dependency: pytest — 1 advisory: CVE-2025-71176 (pytest has vulnerable tmpdir handling)
Severity: Low
Category: Supply Chain
Confidence: 63%
Finding: pytest

VirusTotal

65/65 vendors flagged this skill as clean.