v1.0.0

Kubernetes Skills

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:53 AM.

Analysis

The skill is coherent for Velero-based Kubernetes backups, but it documents high-impact cluster restore and persistent scheduling actions without clear approval or scoping guardrails.

GuidanceUse this only with a trusted Velero/MCP setup and a tightly scoped Kubernetes context. Before any restore or schedule creation, confirm the target cluster, namespace mappings, backup name, resource filters, retention, and rollback plan.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

velero_restore_create_tool(name="my-restore", backup_name="my-backup") ... kubectl_apply(manifest="""apiVersion: velero.io/v1\nkind: Schedule ... includedNamespaces:\n    - production""")

These instructions use cluster-mutating restore and manifest-apply tools, including a production schedule, without documented confirmation, dry-run, target validation, or containment steps.

User impactA mistaken or overbroad invocation could restore workloads into the wrong cluster or namespace, overwrite existing resources, or create recurring backup jobs in production.

RecommendationRequire explicit user confirmation of cluster, namespace, backup name, resource scope, and restore plan before running restore or kubectl_apply actions; prefer dry-runs and least-scoped manifests.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

kind: Schedule ... schedule: "0 2 * * *"  # 2 AM daily ... includedNamespaces:\n    - production

The scheduled backup example creates a persistent Kubernetes/Velero resource that continues running daily after the immediate interaction.

User impactA persistent backup schedule can keep consuming cluster/storage resources and processing production data until it is changed or removed.

RecommendationConfirm schedule creation explicitly, document the owner and retention policy, and provide cleanup instructions for removing schedules that are no longer needed.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

SKILL.md

Manage backups and restores using kubectl-mcp-server's Velero tools.

The skill depends on external MCP Velero tools, but the provided artifact set contains only instructions and no reviewed implementation or install declaration for those tools.

User impactThe safety of actual cluster operations depends on the separately installed kubectl-mcp-server tools and the Kubernetes context they use.

RecommendationVerify the installed MCP server/tool implementation and ensure it is trusted, current, and configured for the intended cluster before using this skill.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

velero_backup_create_tool(name="daily-backup", namespaces=["production"], ttl="720h") ... include_resources=["configmaps", "secrets"]

The examples show access to production namespaces and Kubernetes secrets, which requires sensitive Kubernetes/Velero permissions even though that access is expected for backup and restore work.

User impactThe skill may operate with powerful cluster credentials capable of backing up or restoring sensitive workload configuration and secrets.

RecommendationUse a least-privileged Kubernetes context or service account, restrict allowed namespaces and resource types, and avoid granting broad cluster-admin access unless truly necessary.