Huawei Cloud Cce Workload Manager

Security checks across malware telemetry and agentic risk

Overview

This Huawei Cloud Kubernetes skill is coherent, but it gives broad cluster-changing and credential-generating guidance without enough safeguards for destructive actions.

Install only if you intend to let an agent help with real Huawei Cloud CCE/UCS Kubernetes administration. Before use, narrow triggers and permissions, scope IAM/RBAC to specific clusters and namespaces, protect kubeconfig files as credentials, avoid inline passwords, and require explicit confirmation before deletes, rollbacks, scale changes, pod exec, port-forwarding, PVC deletion, namespace deletion, or any production operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (21)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The guide explicitly documents `kubectl exec -it <pod> ...`, which enables interactive command execution inside running containers. In a workload-management skill, this expands capabilities from lifecycle/observation into arbitrary in-cluster code execution, increasing the chance an agent could be steered into unauthorized exploration, tampering, or secret access within pods.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The document presents `kubectl exec -it ... -- sh` as part of observability, but this grants active command execution inside a running container rather than passive inspection. In a skill intended for workload management, this can normalize invasive access and enable misuse against sensitive workloads if users are not explicitly warned about authorization, audit, and least-privilege constraints.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
`kubectl port-forward` creates a local-to-cluster tunnel that can expose internal services to the operator workstation and bypass normal network access paths. Documenting it as a routine observability action without caveats increases the chance of unintended access to sensitive endpoints or use outside approved support workflows.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list contains very broad terms such as "Deployment," "Job," "Service," and generic Kubernetes-related words that can cause the skill to activate in contexts unrelated to Huawei Cloud CCE/UCS or where the user did not intend workload-management actions. In an agentic system, overbroad invocation increases the chance that a high-privilege operational skill is selected unnecessarily, expanding the attack surface for accidental or unsafe command generation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents destructive operations such as deleting Deployments, Jobs, CronJobs, and namespaces without requiring a confirmation step or warning about production impact. In an automated agent setting, this can lead to irreversible outages or data loss if the agent executes user-ambiguous or context-misread requests against the wrong cluster or namespace.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference includes multiple destructive operations such as deleting namespaces, deployments, statefulsets, daemonsets, pods, services, and manifest-managed resources without any caution about production impact, irreversibility, or data loss. In an agent skill, omission of safety guardrails makes accidental destructive actions more likely, especially when commands are copied or automated.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to redirect returned kubeconfig content into a local file and use it with kubectl, but it does not warn that kubeconfig may contain bearer credentials or certificates granting cluster access. Without handling guidance, the file may be stored insecurely, committed to source control, shared in logs, or left with overly broad permissions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The examples show secrets passed directly on the kubectl command line via --from-literal and --docker-password. Command-line arguments can be exposed through shell history, audit logs, CI job logs, terminal recording, and process inspection by other local users, which can lead to credential disclosure even if Kubernetes stores the resulting Secret correctly. In this skill context, the risk is more significant because the document is operational guidance likely to be copied verbatim by administrators handling real cluster and registry credentials.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The guide documents production-affecting commands such as scaling, image updates, rollback, pause/resume, and force deletion against a `production` namespace without requiring operators to verify cluster context, namespace, or expected service impact first. In a skill intended to drive live `kubectl` actions, this increases the chance of accidental misdeployment or outage in the wrong cluster or namespace.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The file documents live-state modifying Kubernetes operations such as autoscale creation, patch, and delete without any warning, confirmation guidance, or rollback advice. In a cluster-management skill, this can cause unintended production impact because users may run commands directly against real namespaces and workloads, changing availability and scaling behavior.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The workflow writes kubeconfig material to disk and immediately uses it, but does not explicitly warn that the file contains bearer-style cluster access credentials. In this skill context, kubeconfig grants direct Kubernetes API access, so accidental exposure via backups, shell history, shared home directories, or later file reuse can lead to unauthorized cluster access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CI/CD example stores kubeconfig in /tmp, which is a common shared or broadly readable location on multi-user systems and CI runners unless carefully isolated. In a deployment skill, that kubeconfig can provide cluster-admin or namespace deployment rights, so temporary file exposure could let another process or job access the target cluster.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Windows instructions direct users to move kubectl.exe into C:\Windows, a protected system directory where accidental system-wide modification and PATH hijacking are real concerns. While not overtly malicious, this encourages an unnecessary privileged installation into a sensitive location when safer user-scoped locations are available.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The interactive debugging section lacks safety guidance even though it includes shell access and port-forwarding, both of which materially increase access to running workloads. Without warnings, operators may treat these commands as harmless observability steps and inadvertently bypass least-privilege, auditing, or exposure controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file includes direct `kubectl delete` examples for StatefulSets and PVCs without an explicit warning about service interruption, irreversible data deletion, or the need for confirmation/backups. In an operational skill that may be followed verbatim, this increases the chance of accidental destructive actions against production workloads and persistent storage.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The DaemonSet deletion example omits a warning that removing a DaemonSet deletes node-wide agents across the cluster, which can immediately reduce or eliminate logging, monitoring, or security coverage on all nodes. While not inherently malicious, presenting the command without caution raises operational risk in a cluster-management skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document instructs users to create, scale, and delete live Kubernetes resources without an explicit warning that these are mutating operations against a real cluster. In a workload-management skill, this can lead to unintended changes in production-like environments if a user or agent follows verification steps blindly.

Credential Access

High
Category
Privilege Escalation
Content
        "ucs:cluster:get",
        "ucs:quota:get",
        "cce:cert:create",
        "ucs:kubeconfig:create",
        "ucs:federationKubeconfig:get"
      ],
      "Resource": ["*"]
Confidence
86% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
        "ucs:quota:get",
        "cce:cert:create",
        "ucs:kubeconfig:create",
        "ucs:federationKubeconfig:get"
      ],
      "Resource": ["*"]
    }
Confidence
86% confidence
Finding
Kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
        "cce:cluster:list",
        "cce:cert:create",
        "ucs:cluster:get",
        "ucs:kubeconfig:create",
        "ucs:federationKubeconfig:get",
        "ucs:quota:get"
      ],
Confidence
89% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
        "cce:cert:create",
        "ucs:cluster:get",
        "ucs:kubeconfig:create",
        "ucs:federationKubeconfig:get",
        "ucs:quota:get"
      ],
      "Resource": ["*"]
Confidence
89% confidence
Finding
Kubeconfig

VirusTotal

VirusTotal findings are pending for this skill version.