ClawHub

K8s Incident Response Playbook Generator

Security checks across malware telemetry and agentic risk

Overview

This is an API-backed Kubernetes incident playbook skill that is coherent and disclosed, but users should be careful because incident and cluster details are sent to ToolWeb.

Install only if your organization permits sending Kubernetes incident details to ToolWeb. Avoid including secrets, tokens, customer data, or unnecessary internal identifiers, and review ToolWeb billing, retention, and privacy terms before using it during real incidents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to configure an external API key and send requests to a third-party endpoint, but it does not warn that incident details may leave the local environment and be transmitted to an external service. In the context of Kubernetes incident response, prompts may contain sensitive operational data, indicators of compromise, cluster topology, namespaces, secrets references, or breach details, creating a real risk of unintended data exfiltration to an external provider.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to transmit detailed Kubernetes incident data, cluster identifiers, workloads, indicators of compromise, and security tooling status to a third-party API without requiring explicit user consent or clearly warning about confidentiality and privacy implications. In an incident-response context, this data may be highly sensitive and could expose operational details, breach information, and regulated metadata to an external service.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal