K8s Debug

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Kubernetes debugging skill, but it handles sensitive cluster diagnostics and credentials and has an avoidable shell-command injection risk that users should review before use.

Install only if you are comfortable granting the agent access to your current Kubernetes context. Use a least-privilege kubeconfig, confirm the cluster and namespace before running commands, do not set K8S_REQUEST_TIMEOUT from untrusted input, treat saved diagnostics as sensitive, and review any rollout, delete, drain, create-secret, or apply command before approving it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs the agent to run shell commands (`kubectl`, scripts, Python) and write diagnostic output to files, but it does not declare permissions for shell, environment access, or file writes. That creates a trust and containment gap: an orchestrator may expose broader capabilities than intended, and users are not clearly informed that the skill can execute cluster-affecting commands and persist data. In this Kubernetes context, the risk is elevated because even primarily diagnostic commands can access sensitive cluster metadata, logs, and secrets-adjacent configuration, and the document also includes disruptive operational commands if followed.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script collects highly sensitive diagnostic material, including full pod YAML, events, and container logs, then writes it to an arbitrary user-specified path without warning, redaction, or permission controls. In a Kubernetes debugging context, these outputs commonly contain secrets, tokens, environment variables, internal hostnames, and application data, so indiscriminate file export increases the chance of credential disclosure or accidental persistence on shared systems.

VirusTotal

64/64 vendors flagged this skill as clean.