Phy K8s Security Audit

Security checks across malware telemetry and agentic risk

Overview

This is a local Kubernetes manifest auditing skill whose file access and Python execution are disclosed and aligned with its security-audit purpose.

Install and run this only on repositories or directories you intend to audit. Treat reports as potentially sensitive because they can reveal deployment structure, file paths, resource names, and secret-like variable names. Install PyYAML from a trusted source and review CI logs or JSON reports before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill recursively scans all YAML/JSON manifests and can emit matched content into terminal output, JSON results, or CI logs, including plaintext secret values found in env vars. In a security-audit skill, that increases the chance of accidental secret disclosure because users may run it across entire repositories and publish logs/artifacts from CI.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal