kubernetes-expert

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is an instruction-only Kubernetes guidance skill, but users should review its cluster-wide secrets and RBAC examples before applying them.

This skill appears safe as instruction-only Kubernetes reference material. Before using its examples in a real cluster, review any kubectl commands and RBAC manifests, narrow them to the intended namespace and resources, and avoid granting broad Secret access unless you have a clear operational need.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running these commands broadly could reveal cluster-wide information or sensitive Secret metadata and content, depending on the permissions of the identity running them.

Why it was flagged

These are Kubernetes troubleshooting command examples. They are purpose-aligned, but if an agent or user runs them against a real cluster, they can access sensitive resources or open an interactive shell inside a pod.

Skill content

kubectl get pods -o wide --all-namespaces ... kubectl exec -it <pod-name> -- /bin/bash ... kubectl get secrets --all-namespaces ... kubectl describe secret <secret-name>

Recommendation

Run kubectl commands only against the intended cluster and namespace, avoid broad all-namespaces secret queries unless necessary, and require explicit approval before executing commands that access sensitive resources or enter pods.

What this means

A copied ClusterRoleBinding could give an application access to Secrets across the whole cluster, increasing the blast radius of an application compromise.

Why it was flagged

The RBAC example grants a service account cluster-wide get/list/watch access to Secrets and ConfigMaps and update access to Deployments. This is Kubernetes-relevant, but it is broader than many applications need if copied unchanged.

Skill content

kind: ClusterRole ... resources: ["configmaps", "secrets"] verbs: ["get", "list", "watch"] ... kind: ClusterRoleBinding ... name: web-app-sa

Recommendation

Prefer namespace-scoped Roles and RoleBindings, grant only the exact resources and verbs required, and avoid cluster-wide Secret access unless it is explicitly justified.