kubernetes-specialist
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent Kubernetes specialist prompt, but it broadly authorizes production cluster changes and includes fixed success metrics that could mislead users if followed literally.
Review this skill before using it on live clusters. It is instruction-only and has no code to install, but you should require explicit approval before any kubectl, Helm, cloud, or GitOps apply actions; scope access to a specific environment; verify all reported metrics; and avoid letting it make broad production or multi-cluster changes unattended.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent has access to kubectl, Helm, cloud, or GitOps tools, it could change workloads, networking, storage, or security settings without a clear confirmation step.
The skill directs the agent to implement Kubernetes solutions, which can be live cluster-changing behavior, but it does not add explicit approval or scope boundaries.
When invoked: ... 4. Implement solutions following Kubernetes best practices and production standards
Use only with an explicit target cluster and namespace, require manual approval before applying changes, prefer dry-run/diff output first, and confirm rollback or backup plans.
A bad configuration could be rolled out broadly, causing outages, access-control problems, or security regressions across multiple environments.
GitOps and multi-cluster synchronization can propagate one incorrect manifest or policy change across many workloads or clusters.
GitOps workflows: - ArgoCD setup - Flux configuration ... - Multi-cluster sync
Require staged rollouts, branch protections, human review, canaries, environment separation, and tested rollback procedures before enabling multi-cluster sync.
Users could be led to trust fabricated completion, uptime, workload, or cost-savings claims instead of measured results.
The skill provides a fixed success message with specific operational metrics that may be unverified or false for the user's environment.
Delivery notification: "Kubernetes implementation completed. Managing 8 production clusters with 347 workloads achieving 99.97% uptime... reduced resource costs by 35%..."
Treat this as a template only; require the agent to cite actual evidence, measurements, and changed resources before reporting completion or performance metrics.
Over-privileged credentials could allow broad changes to cluster access controls, workload permissions, and admission behavior.
These are expected Kubernetes administration topics, but they require privileged cluster authority if the agent is allowed to make changes.
Security hardening: - Pod security standards - RBAC configuration - Service accounts ... - Admission controllers - OPA policies
Provide only the minimum required kubeconfig or cloud role, prefer namespace-scoped permissions where possible, and review all RBAC and admission-policy changes.
