Back to skill
Skillv0.1.0
VirusTotal security
K8s Debug · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:10 AM
- Hash
- f174f0b1a67381ae0c895f1906331a11fca4ba347bebf7da5296e2edada01b60
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: k8s-debug Version: 0.1.0 The k8s-debug skill bundle provides comprehensive Kubernetes diagnostic capabilities but contains high-risk behaviors and security vulnerabilities. The scripts `scripts/network_debug.sh` and `scripts/pod_diagnostics.py` perform sensitive operations including executing arbitrary commands inside pods via `kubectl exec` and reading service account tokens to probe the Kubernetes API. Additionally, `scripts/network_debug.sh` and `scripts/cluster_health.sh` are vulnerable to shell injection because they interpolate variables like `$POD_NAME` directly into command strings executed via `bash -c` in the `run_pipe_or_warn` function. While these actions are plausibly intended for debugging, the combination of high-privilege access and lack of input sanitization poses a significant risk.
- External report
- View on VirusTotal