k8s skill
v1.0.1
Diagnoses Kubernetes cluster problems. Use when the user asks about K8s issues such as Pod crashes, failed deployments, or unreachable services.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the implementation: the package contains an orchestrator and ~21 analyzer modules that use the kubernetes Python client to inspect Pods, Deployments, Services, PVCs, Nodes, Events, Secrets, Webhooks, etc. The declared dependency (kubernetes client) and requirement for a kubeconfig are appropriate for the stated diagnostic purpose.
Instruction Scope
SKILL.md instructs the agent to run functions from scripts/orchestrator.py and to locate kubeconfig via KUBECONFIG, ~/.kube/config, or a project config file. This will cause the skill to read the user's kubeconfig and query the Kubernetes API (list/read operations). Several analyzers (e.g., SecretAnalyzer) likely read Secret objects and may include details in reports — this is within diagnostic scope but exposes sensitive cluster data to the skill's output and to the calling agent.
Install Mechanism
No install spec is provided (instruction-only install), and included requirements.txt lists only kubernetes and pyyaml which are proportional. The skill bundles code (no external download/extract steps), so there is no high-risk network install mechanism.
Credentials
The skill requests no explicit environment variables, but its get_kubeconfig_path() will read KUBECONFIG or ~/.kube/config (and also falls back to a project config path). Access to kubeconfig (which can contain tokens/certs) is necessary for cluster diagnostics but is sensitive — ensure the kubeconfig used is intentional. The SKILL.md/README mention a project-provided kubeconfig (config/k8s-Test-admin.conf), but that file is not present in the provided file manifest — this discrepancy should be clarified.
Persistence & Privilege
always is false and the skill needs no special platform privileges. It does not include install-time scripts that modify system or other skills. The skill will run code in-process and can be invoked autonomously (normal default); that autonomy combined with access to cluster credentials increases blast radius but is expected for an agent-invokable diagnostic skill.
Assessment
This skill appears to be what it says: a read-only Kubernetes diagnostic toolkit. Before installing or invoking it:
1) Confirm which kubeconfig it will use (KUBECONFIG env var, ~/.kube/config, or a project config) and ensure you trust that kubeconfig.
2) Understand that Secret and other analyzers may read and include sensitive data from the cluster in reports; avoid running the skill against clusters containing secrets you don't want surfaced.
3) Note the README mentions a bundled config/k8s-Test-admin.conf but that file is not listed in the manifest; ask the author whether a project kubeconfig is included or packaged.
4) Install dependencies in a controlled environment (pip install -r requirements.txt) and consider running the skill with a kubeconfig that has minimal read-only permissions for diagnostics.
Like a lobster shell, security has layers: review code before you run it.
