Kubernetes Skills
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: k8s-browser
Version: 1.0.0
The skill bundle provides extensive browser automation capabilities, including opening arbitrary URLs, injecting custom headers (e.g., Authorization tokens), filling forms with credentials, retrieving full page content, and taking screenshots. While these capabilities are plausibly needed for its stated purpose of 'Browser automation for Kubernetes dashboards and web UIs', they represent significant security risks. The `SKILL.md` file explicitly demonstrates the use of sensitive data like `admin-token` and `password` in examples, highlighting the potential for an AI agent to be prompted to access or manipulate sensitive internal web interfaces, leading to unauthorized data exposure or actions if misused via prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against a production ArgoCD instance, the agent could roll out or reconcile application changes.
The documented browser workflow can trigger an ArgoCD application sync, which may change Kubernetes cluster state. This matches the skill's purpose but is a high-impact UI action.
# 4. Sync application
browser_click(selector="button.sync-button")
browser_click(selector="text=Synchronize")
Require explicit user approval and confirm the target cluster, namespace, and application before sync, deploy, delete, or other state-changing UI actions.
Credentials entered into an automated browser session could authorize sensitive reads or changes in Kubernetes, Grafana, or ArgoCD.
The skill documents using bearer tokens and admin login fields in browser automation. These are placeholders and are purpose-aligned, but they represent privileged dashboard access.
headers={"Authorization": "Bearer admin-token"}
...
browser_fill(selector="input[name=username]", text="admin")
browser_fill(selector="input[name=password]", text="password")
Use least-privilege, short-lived credentials where possible, avoid pasting real secrets into prompts or logs, and close sessions after use.
Sensitive operational data could leave the local environment if a cloud browser provider is enabled.
The skill supports an optional cloud browser provider. When used for Kubernetes, Grafana, or ArgoCD pages, sensitive page content, screenshots, URLs, or authenticated sessions may be handled by that provider.
# Optional: Cloud provider
export MCP_BROWSER_PROVIDER=browserbase  # or browseruse
export BROWSERBASE_API_KEY=bb_...
Prefer a local browser for sensitive clusters, or verify the provider's security and data-handling policy before using it with authenticated dashboards.
