ClawHub

Kubernetes Skills

v1.0.0

Cluster API lifecycle management for provisioning, scaling, and upgrading Kubernetes clusters. Use when managing cluster infrastructure or multi-cluster operations.

1· 2k·3 current·3 all-time
byRohit Ghumare@rohitg00
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Cluster API lifecycle management) align with the SKILL.md which documents capi_* tool calls and kubectl_apply-based workflows for provisioning, scaling, and upgrading clusters.
Instruction Scope
Instructions are narrowly focused on Cluster API operations (listing clusters/machines, getting kubeconfigs, applying manifests). However, they include potentially destructive actions (kubectl_apply) and vague steps like 'Check infrastructure provider logs' that don't specify how to access provider credentials or logs. The skill assumes availability of capi_* tools and appropriate kubeconfig/permissions but doesn't state safeguards (e.g., confirmation before apply).
Install Mechanism
No install spec or code files are present (instruction-only), which minimizes installer risk. The SKILL.md assumes preexisting platform-provided tools rather than installing anything itself.
Credentials
The skill declares no required environment variables or credentials. Example manifests reference AWS provider kinds (AWSCluster, AWSMachineTemplate), which in practice often require cloud credentials somewhere (controller secrets or host config). The absence of any declared credential requirements is explainable but should be confirmed with the platform: who holds the cloud creds and kubeconfigs the skill will use?
!
Persistence & Privilege
No flags are set to prevent autonomous invocation (disableModelInvocation not set). That means the model could call capi_* tools or kubectl_apply automatically, potentially making changes to clusters. For a skill that can apply manifests and manage infrastructure, allowing autonomous invocation is a notable risk and should be explicitly controlled.
What to consider before installing
This skill appears to do what it says (manage Cluster API resources) but there are a few things to check before installing: 1) Confirm the platform supplies the capi_* and kubectl_apply tools and understand which kubeconfig or credentials those tools will use. 2) Ensure cloud provider credentials (if any) are stored and scoped appropriately — the skill itself doesn't declare needing them. 3) Consider disabling autonomous model invocation or requiring explicit user confirmation for any kubectl_apply actions, since the skill can perform destructive changes. 4) Test the skill in a non-production/staging environment first and only enable it if you trust its source and the execution safeguards.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cssx0myrbmdqe3nb20p8vj17zyndp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments