Skylv Kubernetes Automation

Pass

Audited by VirusTotal on May 3, 2026.

Overview

Type: OpenClaw Skill

Name: skylv-kubernetes-automation

Version: 1.0.1

The skill bundle consists of documentation and instructions (SKILL.md) for an AI agent to manage Kubernetes clusters via kubectl. The instructions are clearly aligned with the stated purpose of deploying, scaling, and troubleshooting applications, and there is no evidence of malicious intent, data exfiltration, or prompt injection attacks.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or over-broad agent action could change production services, expose or alter cluster configuration, cause outages, or increase infrastructure costs.

Why it was flagged

These instructions describe mutating Kubernetes workloads and configuration, including production resources, without documenting approval, dry-run, namespace/context verification, or other safeguards.

Skill content

Deploy apps, scale services, debug pods ... Manage configs — ConfigMaps, Secrets, Namespaces ... deploy app from deployment.yaml to production ... scale payment-api to 10 replicas

Recommendation

Use this only with explicit user approval for every mutating action. Require kubectl context and namespace confirmation, prefer dry-run/diff first, use least-privilege RBAC, and keep a rollback plan.

What this means

The agent may act with whatever Kubernetes privileges are already available locally, potentially including broad production or cluster-admin permissions.

Why it was flagged

The registry declares no credential or config requirements, but SKILL.md requires kubectl to be configured and connected to a cluster, which normally uses local kubeconfig tokens, certificates, or cloud-auth profiles.

Skill content

Required env vars: none ... Primary credential: none ... Required config paths: none

Recommendation

Declare the kubectl/kubeconfig or cloud profile dependency, use a restricted service account or context, avoid cluster-admin credentials, and display the active context/namespace before actions.

What this means

Users must rely on whatever local Kubernetes tooling is already installed, and the registry metadata will not help verify that those tools are present or expected.

Why it was flagged

SKILL.md separately states that kubectl is required and Helm/Kustomize are optional, but those runtime dependencies are not declared in the registry metadata.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

Recommendation

Install kubectl, Helm, and Kustomize only from trusted sources and verify the active versions and cluster context before using the skill.