Kubernetes

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent instruction-only Kubernetes manifest helper; its noteworthy risks are normal ones around trusting installation sources and carefully handling generated Secret manifests.

This skill appears safe for generating Kubernetes YAML. Before installing, trust the source of the install command; before using outputs, review any Ingress or LoadBalancer exposure and handle Secrets through a secure secret-management process rather than committing plaintext values.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running an install command from a remote source can add or update local agent skill files.

Why it was flagged

The README offers a user-directed install from a moving GitHub tree path; this is expected installation documentation, but the source should be trusted before running it.

Skill content

npx add https://github.com/wpank/ai/tree/main/skills/devops/kubernetes

Recommendation

Install from a trusted registry or reviewed source, and prefer pinned or verified sources when available.

What this means

If real credentials are placed into generated YAML and committed or shared, they could be exposed.

Why it was flagged

The skill includes Kubernetes Secret manifest examples that may be replaced with real credentials; the artifact also gives appropriate warnings against committing plaintext secrets.

Skill content

type: Opaque
stringData:
  DATABASE_PASSWORD: "changeme"
  API_KEY: "secret-api-key"
...
Never commit secrets to Git in plain text

Recommendation

Use placeholders during generation and use Sealed Secrets, External Secrets Operator, Vault, or another approved secret-management workflow for production.