k8s skill

Security checks across malware telemetry and agentic risk

Overview

This Kubernetes diagnostic skill appears intended for troubleshooting, but it normalizes overly broad cluster access and admin kubeconfig use, so it should be reviewed before installation.

Install only if you are comfortable giving the skill read access to the target Kubernetes cluster. Use a user-provided, least-privilege kubeconfig rather than any admin config, avoid production cluster-admin credentials, confirm the current context before running diagnostics, and treat any suggested delete, rollback, debug, port-forward, or test-pod command as requiring explicit human approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (19)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The README explicitly instructs users to use a bundled admin kubeconfig, which is effectively distribution of privileged cluster credentials. For a diagnostic assistant, embedding or recommending preconfigured admin access is dangerous because anyone with the skill files may gain broad access to the Kubernetes cluster, enabling data exposure or destructive actions well beyond troubleshooting.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The documented use of `config/k8s-Test-admin.conf` indicates cluster-admin-level access for a tool whose stated purpose is diagnosis. That level of privilege is unjustified for routine read-oriented troubleshooting and materially increases the blast radius if the credential is leaked, copied, or misused.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation for a troubleshooting skill includes disruptive and state-changing commands such as force-deleting Pods, rolling back Deployments, changing resource limits, and port-forwarding. In a skill described as diagnostic, these operations expand behavior from observation into mutation, increasing the chance an agent or operator uses them without adequate authorization, safeguards, or user confirmation.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The guide recommends creating ephemeral test workloads with kubectl run for connectivity checks, which mutates cluster state and may violate the stated diagnostic-only scope. Even temporary debug Pods can consume resources, trigger admission controls, create audit noise, or be misused in restricted environments.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The advanced guidance uses kubectl debug to attach an interactive debug container, which is a privileged cluster mutation beyond simple diagnosis. This can alter runtime state, expose sensitive process or filesystem context, and bypass the narrow operational scope implied by the skill description.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The code explicitly searches for and will use a bundled project kubeconfig file named 'config/k8s-Test-admin.conf' after checking user-controlled locations. In a diagnostic skill, embedding or auto-discovering an admin kubeconfig materially expands privilege and can cause the skill to access clusters with administrative rights far beyond the minimum needed for troubleshooting.

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The helper named 'verify_k8s_connection' does more than local validation: it loads credentials and performs a live API request to list namespaces. That creates active cluster interaction that may surprise callers, trigger audit events, and validate privileged credentials in environments where a passive configuration check would be safer.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger phrases are broad, natural-language requests likely to overlap with common support conversations, increasing the chance the skill is invoked unexpectedly. In this skill's context, accidental invocation is more dangerous because the README also promotes use of high-privilege kubeconfig, so an unplanned activation could initiate sensitive cluster access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation tells users to configure and use kubeconfig, including an admin config, but omits strong warnings about credential sensitivity, cluster access risks, and secret exposure. This increases the likelihood that users will mishandle privileged kubeconfig files, commit them to source control, or expose them in shared environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README explicitly instructs users to use a project-included admin kubeconfig, which implies bundled cluster credentials with elevated privileges. In the context of an IDE-integrated diagnostic skill that can act on natural-language requests, this is dangerous because it normalizes distribution and use of sensitive cluster-admin access without warnings, increasing the risk of credential leakage or overprivileged automated access to a live cluster.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Force-delete and rollback commands are presented as quick fixes without any warning about service disruption, data loss, rollout side effects, or the need for authorization. In operational documentation, omission of these cautions materially increases the likelihood of unsafe execution during incident response.

Credential Access

High
Category
Privilege Escalation
Content
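### 2. Configure the Kubernetes connection

**Option A: Use the kubeconfig bundled with the project (already configured)**

The project already has a kubeconfig file configured in the `config/` directory: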
- `config/k8s-Test-admin.conf`
Confidence
99% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
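**Option A: Use the kubeconfig bundled with the project (already configured)**

The project already has a kubeconfig file configured in the `config/` directory:
- `config/k8s-Test-admin.conf`

**Option B: Manually configure to the default location**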
Confidence
99% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
### 2. Configure Kubernetes Connection

**Option A: Use project-included kubeconfig (already configured)**

The project has configured kubeconfig file in `config/` directory:
- `config/k8s-Test-admin.conf`
Confidence
98% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
**Option A: Use project-included kubeconfig (already configured)**

The project has configured kubeconfig file in `config/` directory:
- `config/k8s-Test-admin.conf`

**Option B: Manually configure to default location**
Confidence
96% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
## Configuration

### kubeconfig Support
Supports 3 configuration methods:
1. Project included: `config/k8s-Test-admin.conf`
2. Default location: `~/.kube/config`
Confidence
91% confidence
Finding
kubeconfig

Unpinned Dependencies

Low
Category
Supply Chain
Content
# K8sSkill dependencies
kubernetes>=28.0.0
pyyaml>=6.0
Confidence
91% confidence
Finding
kubernetes>=28.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# K8sSkill dependencies
kubernetes>=28.0.0
pyyaml>=6.0
Confidence
95% confidence
Finding
pyyaml>=6.0

Known Vulnerable Dependency: pyyaml — 8 advisories: CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML); +5 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
pyyaml

VirusTotal

67/67 vendors flagged this skill as clean.
