Back to skill

Security audit

Kubernetes Skills

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Kubernetes administration skill, but it gives an agent broad multi-cluster power over secrets, kubeconfigs, and live infrastructure changes without enough built-in guardrails.

Install only if you intentionally want an agent to help administer Kubernetes clusters. Use least-privileged kubeconfigs, make production contexts read-only by default, require human approval for writes, avoid manual raw-secret copying, and treat any retrieved kubeconfig as a sensitive credential with secure storage, auditing, rotation, and cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The cross-cluster secret sync example normalizes copying secret material between clusters without any caution, scope restriction, or discussion of encryption, access controls, or secret rotation. In a multi-cluster Kubernetes skill, this is risky because users may replicate sensitive credentials into less-trusted environments or broaden blast radius across clusters.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The rolling deployment example performs sequential production changes across multiple clusters but omits safety guidance such as approvals, canarying, rollback plans, and environment validation. In this skill context, that can encourage broad production-impacting actions with a simple loop, increasing the chance of operator error or mass outage.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill includes examples for scaling machine deployments, Helm installs, Flux reconciles, and manifest application across clusters, but it does not clearly warn that these actions can change live infrastructure and may be disruptive. In a multi-cluster context, omission of a disruption warning increases the chance of accidental production changes or broad cross-cluster impact from routine use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.