Kubernetes
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running an install command from a remote source can add or update local agent skill files.
The README offers a user-directed install from a moving GitHub tree path; this is expected installation documentation, but the source should be trusted before running it.
npx add https://github.com/wpank/ai/tree/main/skills/devops/kubernetes
Install from a trusted registry or reviewed source, and prefer pinned or verified sources when available.
If real credentials are placed into generated YAML and committed or shared, they could be exposed.
The skill includes Kubernetes Secret manifest examples that may be replaced with real credentials; the artifact also gives appropriate warnings against committing plaintext secrets.
type: Opaque stringData: DATABASE_PASSWORD: "changeme" API_KEY: "secret-api-key" ... Never commit secrets to Git in plain text
Use placeholders during generation and use Sealed Secrets, External Secrets Operator, Vault, or another approved secret-management workflow for production.