deploy-k8s-cluster

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Kubernetes deployment guide, but it needs review because it asks for powerful SSH/root access and mixes ordinary cleanup with possible full cluster destruction.

Install it only on dedicated or disposable Ubuntu machines you are comfortable reconfiguring. Prefer temporary SSH keys or temporary admin accounts over passwords, verify every IP address and hostname before they are used, require an exact command preview before each milestone, and do not approve M8 unless it states clearly whether it deletes only test namespaces and resources or destroys the whole cluster.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch
Severity: Medium. Confidence: 90%.
The skill is presented as a from-scratch Kubernetes deployment workflow, but it also exposes cleanup logic that can destroy namespaces or the entire cluster. That scope expansion is dangerous because an operator may invoke a 'cleanup' step expecting only test-resource removal and instead trigger destructive actions against freshly deployed or existing infrastructure.

Intent-Code Divergence
Severity: Medium. Confidence: 95%.
The documentation says test validation will not automatically clean up the environment, yet the associated cleanup milestone includes cluster destruction. This contradiction can mislead users into approving a benign-sounding cleanup operation that actually performs irreversible destructive actions.

Missing User Warnings
Severity: Medium. Confidence: 84%.
The skill asks users to provide SSH usernames and passwords but does not give clear guidance on secure handling, storage, masking, or safer alternatives. In a deployment skill that targets multiple root-capable hosts, collecting plaintext credentials materially increases the risk of secret exposure through chat logs, reports, configuration files, or tool output.
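A command-preview gate of the kind the overview recommends, written here as an added example; it is not code from the skill, from SkillSpector, or from this site. It classifies each previewed shell command by blast radius, masks plaintext SSH passwords before a command line reaches a report or chat log, and refuses a milestone whose declared scope does not match what its commands do, which is the mismatch the first two findings describe. The M8 preview, the host address and the password are constructed for the example; the skill's real milestone commands are not on this page.

```python
import re

# Commands that tear down the cluster or its control plane rather than test resources.
# Constructed for this example; they are not taken from the reviewed skill.
CLUSTER_DESTRUCTIVE = [re.compile(p) for p in (
    r"\bkubeadm\s+reset\b",
    r"\bkubectl\s+delete\s+nodes?\b",
    r"\bkubectl\s+delete\s+(?:ns|namespaces?)\s+--all\b",
    r"\brm\s+-rf\s+/(?:etc/kubernetes|var/lib/etcd|var/lib/kubelet)\b",
    r"\bsystemctl\s+(?:stop|disable)\s+(?:kubelet|containerd)\b",
    r"\bapt(?:-get)?\s+(?:purge|remove)\b.*\bkube(?:adm|let|ctl)\b",
)]

# Namespaces whose deletion breaks the cluster even though the verb is only "delete namespace".
PROTECTED_NS = {"default", "kube-system", "kube-public", "kube-node-lease"}
NS_DELETE = re.compile(r"\bkubectl\s+delete\s+(?:ns|namespaces?)\s+(?P<ns>[a-z0-9-]+)\b")

# Plaintext SSH credentials on a command line: sshpass -p <secret> or --password=<secret>.
PLAINTEXT_CRED = re.compile(r"(?:\bsshpass\s+-p\s+|--password[= ])(?P<secret>\S+)")


def classify(cmd: str) -> str:
    """Classify one previewed command: plaintext-credential, cluster-destructive,
    namespace-cleanup, or other. Credential exposure is checked first because it
    matters regardless of what the command does."""
    if PLAINTEXT_CRED.search(cmd):
        return "plaintext-credential"
    if any(p.search(cmd) for p in CLUSTER_DESTRUCTIVE):
        return "cluster-destructive"
    m = NS_DELETE.search(cmd)
    if m:
        return "cluster-destructive" if m.group("ns") in PROTECTED_NS else "namespace-cleanup"
    return "other"


def redact(cmd: str) -> str:
    """Mask the secret portion of a credential-bearing command line before logging it."""
    return PLAINTEXT_CRED.sub(lambda m: m.group(0)[: -len(m.group("secret"))] + "****", cmd)


def review_milestone(declared_scope: str, commands: list) -> dict:
    """Gate a milestone such as M8. declared_scope is what the skill's description
    claims: 'test-resources', 'whole-cluster', or 'unstated'. Approve only when the
    declared scope matches the blast radius of the previewed commands."""
    kinds = {c: classify(c) for c in commands}
    leaked = [redact(c) for c, k in kinds.items() if k == "plaintext-credential"]
    if leaked:
        return {"verdict": "reject", "reason": "plaintext credentials", "commands": leaked}
    destructive = [c for c, k in kinds.items() if k == "cluster-destructive"]
    if declared_scope == "unstated":
        return {"verdict": "hold", "reason": "scope not declared", "commands": destructive}
    if declared_scope == "test-resources" and destructive:
        return {"verdict": "reject", "reason": "description-behavior mismatch", "commands": destructive}
    return {"verdict": "approve", "reason": "scope matches commands", "commands": destructive}


# Constructed M8 preview: a description that says "test cleanup" but commands that level the cluster.
M8_PREVIEW = [
    "kubectl delete namespace smoke-test",
    "kubectl delete namespace kube-system",
    "kubeadm reset -f",
    "rm -rf /etc/kubernetes /var/lib/etcd",
]

if __name__ == "__main__":
    for cmd in M8_PREVIEW:
        print(f"{classify(cmd):20s} {cmd}")
    print(review_milestone("test-resources", M8_PREVIEW))
    print(redact("sshpass -p hunter2 ssh root@10.0.0.5 kubeadm reset -f"))
```

The gate holds on an undeclared scope rather than guessing, because the safe outcome for an ambiguous cleanup step is to ask, not to approve. The hypothetical host address 10.0.0.5 and password in the usage line are placeholders; substitute the key-based login the overview recommends in practice.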

VirusTotal

66/66 vendors reported this skill as clean (no detections).