Kubernetes Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is not deceptive, but it gives an agent broad Kubernetes control without enough safety boundaries for production-impacting actions.

Install only if you intend the agent to help operate Kubernetes clusters. Use a restricted kubeconfig or service account, verify the current cluster and namespace before each action, avoid cluster-admin credentials, and require explicit approval for production, secret, restore, deployment, scaling, or service-mesh changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill advertises cluster deployment, scaling, secret management, service mesh changes, and backup/restore capabilities without any warning that these actions can be destructive, security-sensitive, or production-impacting. In an agent context, omission of guardrails can lead to unsafe autonomous changes, accidental outages, or exposure of sensitive Kubernetes resources.

Missing User Warnings

Medium
Confidence: 93%
Finding
The examples include deployment, scaling, and status/debug actions against production or default namespaces without any confirmation, authorization, or rollback guidance. This is dangerous because it normalizes direct production-affecting commands for an agent, increasing the chance of unintended service disruption or unauthorized operational changes.

VirusTotal

65/65 vendors flagged this skill as clean.