Kubernetes
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: kubernetes-devops Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Kubernetes manifest generation is benign. All files, including SKILL.md and various YAML templates, consistently focus on providing documentation and examples for creating secure and production-ready Kubernetes resources. Shell commands like `kubectl`, `curl`, and `nc` are either presented as instructions for the user to validate generated manifests or are part of Kubernetes YAML templates intended to run within pods, not executed by the OpenClaw agent itself. There is no evidence of prompt injection, data exfiltration, malicious execution, persistence mechanisms, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running an install command from a remote source can add or update local agent skill files.
The README offers a user-directed install from a moving GitHub tree path; this is expected installation documentation, but the source should be trusted before running it.
npx add https://github.com/wpank/ai/tree/main/skills/devops/kubernetes
Install from a trusted registry or reviewed source, and prefer pinned or verified sources when available.
If real credentials are placed into generated YAML and committed or shared, they could be exposed.
The skill includes Kubernetes Secret manifest examples that may be replaced with real credentials; the artifact also gives appropriate warnings against committing plaintext secrets.
type: Opaque stringData: DATABASE_PASSWORD: "changeme" API_KEY: "secret-api-key" ... Never commit secrets to Git in plain text
Use placeholders during generation and use Sealed Secrets, External Secrets Operator, Vault, or another approved secret-management workflow for production.