Kubernetes Skills
v1.0.0Configure Kubernetes autoscaling with HPA, VPA, and KEDA. Use for horizontal/vertical pod autoscaling, event-driven scaling, and capacity management.
⭐ 1· 2.1k·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, description, and content all focus on Kubernetes autoscaling (HPA, VPA, KEDA). The examples and helper tool calls (e.g., keda_scaledobjects_list_tool, apply_manifest) are coherent for this purpose. The SKILL.md references 'kubectl-mcp-server tools' but the skill does not declare binaries — that implies it expects the agent/runtime to provide those tools.
Instruction Scope
Instructions stay within autoscaling tasks and include YAML examples and helper tool invocations. They do not instruct reading host system files or sending data to unknown external endpoints. However several examples reference secrets, connection strings, and env var names (PG_CONNECTION, MYSQL_CONNECTION, AWS credentials, amqp://user:pass@...) — these are legitimate examples for KEDA triggers but could cause sensitive data exposure if the agent/tooling has access to cluster secrets or is allowed to apply manifests without review.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk from install/execution distribution perspective (nothing will be downloaded or written by the skill itself).
Credentials
The skill declares no required env vars or credentials, which is appropriate. The documentation does show how triggers reference credentials/secrets in Kubernetes (and env var placeholders). That's expected, but you should confirm the agent won't be granted broader cluster credentials (or host env secrets) than necessary.
Persistence & Privilege
always is false and the skill does not request persistent system presence or attempt to modify other skills. The skill can be invoked autonomously by the agent (platform default) which is normal; combine that with any cluster-level permissions cautiously.
Assessment
This is an instruction-only autoscaling guide (HPA/VPA/KEDA) and appears coherent with that purpose. Before installing or enabling it: 1) Verify what runtime/tooling the agent provides (kubectl, KEDA helpers, MCP server) and whether those tools have access to your Kubernetes cluster. 2) Never grant the agent broad cluster-admin or host-level credentials just to use the skill — prefer scoped service accounts. 3) Review any manifests the agent will apply (secrets, connection strings) — replace inline credentials with Kubernetes Secrets and avoid hard-coded credentials in YAML. 4) Confirm the agent's tool wrappers do not exfiltrate cluster secrets or send data to external endpoints. 5) Because this skill is instruction-only, its safety depends on the agent and the permissions you give it; limit privileges and require manual review/apply steps if you are concerned.Like a lobster shell, security has layers — review code before you run it.
latestvk97cbmkx8hw67ddbgb49vz6nn57zyaqe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.