ClawHub

Kubernetes Encyclopedia

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Kubernetes documentation helper whose network access and local cache writes are aligned with that purpose, with no evidence of deception or harmful behavior.

Install if you are comfortable with the skill fetching Kubernetes documentation from the network and creating or updating a local .Kubernetes-Encyclopedia workspace. Review where it stores cache and notes, and use it in a workspace where local documentation files are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs the agent to perform network fetches and write files to a local workspace, but those operational capabilities are not explicitly declared as permissions. That creates a transparency and governance gap: a user or platform may believe this is a read-only advisory skill when it can modify local state and access external resources.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The description frames the skill primarily as a documentation and reasoning aid, but the workflow also includes initializing directories, fetching remote content, transforming it, and persisting caches and notes. That mismatch can mislead operators about the skill's side effects and trust boundary, increasing the chance of unintended filesystem changes or network egress in environments where such actions are sensitive.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal