v1.0.0

Kubernetes Skills

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:53 AM.

Analysis

The skill is clearly about Kubernetes cluster management, but it guides high-impact cluster changes and kubeconfig retrieval without explicit scope or approval safeguards.

Guidance: Use this skill only if you want the agent to manage real Kubernetes Cluster API infrastructure. Before enabling it, verify the kubectl-mcp-server setup, use a least-privilege kube-context, and require explicit review before any apply, scale, upgrade, or kubeconfig retrieval action.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
kubectl_apply(manifest=""" ... kind: Cluster ... infrastructureRef: ... kind: AWSCluster ... """)

The skill instructs use of a raw Kubernetes apply operation to create Cluster API infrastructure resources. That is purpose-aligned, but it is high-impact and not bounded by approval, dry-run, kube-context, namespace, or rollback requirements.

User impact: If used against the wrong cluster or with an incorrect manifest, the agent could create or change Kubernetes/cloud infrastructure, affect availability, or incur costs.
Recommendation: Require explicit user approval for apply, scale, and upgrade actions; validate kube-context and namespace; use dry-run/diff before mutation; and run with least-privilege Kubernetes credentials.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
Manage Kubernetes clusters using kubectl-mcp-server's Cluster API tools (11 tools).

The skill depends on an external MCP tool server. This is disclosed and central to the purpose, but the artifact set does not include or verify that external server.

User impact: The safety of the skill depends partly on the configured kubectl-mcp-server and the Kubernetes permissions it exposes.
Recommendation: Verify the MCP server source and configuration before use, and expose only the Kubernetes tools and permissions needed for the intended cluster-management task.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
capi_cluster_kubeconfig_tool(name="my-cluster", namespace="default")

# Returns kubeconfig to access the cluster

The skill includes a workflow to retrieve kubeconfig access material for workload clusters, but does not state how that credential-like output should be scoped, displayed, stored, or protected.

User impact: A kubeconfig can grant continuing access to a Kubernetes cluster; mishandling it could expose cluster control to unintended users or contexts.
Recommendation: Only retrieve kubeconfigs after explicit user approval, avoid printing or storing them unnecessarily, restrict access with RBAC, and document how kubeconfig output should be handled.