Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
deploy-k8s-cluster
v1.0.0全新地、从无到有、从零开始,部署、搭建、创造、构建、安装、交付 Kubernetes(K8S)集群。 当遇到以下场景时使用此技能: (1) 用户当前没有 K8S 集群,希望从无到有、从零开始部署一套 (2) 用户希望部署、搭建、构建、创造、安装、交付一套新 K8S 环境 (3) 用户提供服务器资源(虚拟机/物理机...
⭐ 0· 78·0 current·0 all-time
byqos@t2phage
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description and SKILL.md consistently describe provisioning a kubeadm-based Ubuntu K8s cluster. Requesting SSH access to target machines and root privileges is coherent with that purpose.
Instruction Scope
Instructions direct collection of node lists and SSH credentials and describe remote execution of multiple shell scripts (00-survey.sh ... 08-cluster-cleanup.sh). They require high privileges (root) and remote execution but do not specify secure handling, retention, or minimization of credentials. The instructions also reference many local files/directories (bin/, conf/, best-practice/*.md, report/) and automated scripts, yet the skill package contains only SKILL.md (no scripts). That mismatch is a practical and security concern.
Install Mechanism
There is no install spec or code to install; this is instruction-only. That keeps the install risk low, but also means the skill cannot actually perform scripted operations unless external scripts are supplied.
Credentials
The skill does not declare environment variables, but it asks the user to supply sensitive credentials (SSH username/password or to preconfigure key-based trust) and expects root access on target machines. While credential access is necessary for provisioning, the skill provides no instructions about secure transport, ephemeral use, or avoiding plaintext password sharing — increasing risk if users provide credentials directly.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It does plan to create logs, backups, and reports in named directories, which is normal for a deployment workflow, but there is no evidence it modifies other skills or system-wide agent settings.
Scan Findings in Context
[regex_scan_empty] expected: The static scanner found nothing to analyze because this is an instruction-only skill with no code files. That is expected for pure documentation-style skills.
[missing_artifacts_referenced_in_readme] unexpected: SKILL.md references deployment scripts (bin/*.sh), conf/, best-practice/*.md and directories for reports/logs, but the package contains only SKILL.md. For an automated deployment skill, missing runtime artifacts is inconsistent and suspicious: either the skill is a human-guidance doc (in which case it should not promise scripts), or it is incomplete and expects external files/URLs that are not provided.
What to consider before installing
Before installing or using this skill, consider the following:
- Do not hand over plaintext root passwords to an AI agent. Prefer to preconfigure SSH key-based trust (recommended) or provide time-limited, least-privilege access.
- Ask the publisher for the missing artifacts: the referenced scripts (00-survey.sh ... 08-cluster-cleanup.sh), the best-practice/*.md templates, and any binaries. Do not run remote scripts you cannot inspect first.
- If you intend to let the skill perform remote operations, obtain the full script repository or a trusted source URL (e.g., a vetted GitHub repo). Review the scripts for destructive actions (disk wiping, package sources changes, credential exfiltration) before execution.
- Test everything in an isolated environment (non-production VMs) first. Verify rollback/cleanup steps work and that backups are captured where you control them.
- Require explicit prompts and confirmations for each milestone (the skill states this, but enforce it in practice). Log all actions and rotate any credentials provided after the run.
- If the skill's source/homepage or author identity is unavailable, treat it as incomplete: prefer a skill with transparent sources or a manual runbook you control.
If the provider supplies the scripts/repository, have an experienced engineer audit them before granting remote/root access.Like a lobster shell, security has layers — review code before you run it.
latestvk9745m56bgpm9q3vn8h1jzz7cx83fzfw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.