GKE Hardening

Security checks across malware telemetry and agentic risk

Overview

This skill coherently provides a remote GKE hardening configuration generator, with the main caution that requests are sent to an external provider and include tracking identifiers.

Install only if you are comfortable sending selected GKE hardening options plus a session ID, timestamp, and possibly a user ID to the provider API. Do not include secrets or sensitive cluster details in free-form option values, and review generated YAML before applying it to any cluster.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly encourages collection of session IDs, user IDs, and timestamps for tracking and audit purposes, but provides no user-facing notice about what data is collected, why it is retained, or how it is protected. In a third-party security tool context, this creates a privacy and compliance risk because operators may transmit identifying metadata to an external service without informed consent or clear data-handling guarantees.

External Transmission

Medium

Category: Data Exfiltration
Content: # References - Kong Route: https://api.mkkpro.com/hardening/gke - API Docs: https://api.mkkpro.com:8147/docs
Confidence: 81% confidence
Finding: https://api.mkkpro.com/

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal