Kubernetes Skills

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Kubernetes operations skill, but it gives an agent high-impact multi-cluster powers without enough guardrails for secrets, kubeconfigs, and production changes.

Install only if you intentionally want an agent to help administer Kubernetes clusters. Before use, restrict it to least-privileged kubeconfigs, make production read-only by default, require explicit human approval for writes, avoid copying raw secrets between clusters, and verify the external kubectl-mcp-server configuration and audit logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation recommends syncing secrets across clusters but does not warn that this copies highly sensitive material between trust boundaries and environments. In a multi-cluster Kubernetes skill, this can normalize unsafe handling of production credentials and increase the chance of accidental exposure, privilege expansion, or propagation of compromised secrets.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The example performs sequential deployments to production clusters without any caution banner, approval step, or rollback guidance. In an operations-focused skill, examples are likely to be copied directly, so documenting live-cluster changes this casually increases the risk of unintended production impact or operator error.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Cluster API section instructs users to retrieve a workload cluster kubeconfig and save it to a file without warning that kubeconfigs may contain bearer tokens, client certificates, or other privileged access material. This is especially sensitive in a multi-cluster management context because one retrieved kubeconfig can grant broad administrative access to another cluster.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents multi-cluster lifecycle and deployment operations such as scaling machine deployments and installing Helm charts, but it does not clearly warn that these actions can change live environments across clusters. In a multi-cluster Kubernetes context, omission of impact warnings increases the chance of accidental production changes, outages, or drift because users may treat examples as safe read-only procedures.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The secret synchronization example shows reading secrets from one cluster and applying them to another without warning about sensitivity, exposure risk, scope expansion, or encryption/handling requirements. In a multi-cluster management skill, this is particularly dangerous because it normalizes cross-environment secret movement, which can leak credentials, duplicate trust boundaries, and spread compromise between clusters.

Credential Access

High
Category
Privilege Escalation
Content
# List CAPI-managed clusters
capi_clusters_list_tool(namespace="capi-system")

# Get workload cluster kubeconfig
kubeconfig = capi_cluster_kubeconfig_tool(
    name="workload-cluster-1",
    namespace="capi-system"
)
Confidence
91% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
capi_clusters_list_tool(namespace="capi-system")

# Get workload cluster kubeconfig
kubeconfig = capi_cluster_kubeconfig_tool(
    name="workload-cluster-1",
    namespace="capi-system"
)
Confidence
87% confidence
Finding
kubeconfig

Credential Access

High
Category
Privilege Escalation
Content
capi_clusters_list_tool(namespace="capi-system")

# Get workload cluster kubeconfig
kubeconfig = capi_cluster_kubeconfig_tool(
    name="workload-cluster-1",
    namespace="capi-system"
)
Confidence
87% confidence
Finding
kubeconfig

VirusTotal

66/66 vendors flagged this skill as clean.
