K8s Fta Skill

Security checks across malware telemetry and agentic risk

Overview

This Kubernetes troubleshooting skill is coherent, but it asks for broad cluster and control-plane authority while encouraging automatic fixes that can change or disrupt live workloads.

Install only if you intend to let an agent operate against Kubernetes. Use a deliberately selected, least-privilege kubeconfig and namespace, avoid production unless reviewed internally, and require the agent to show every command before running it. Do not allow automatic patch, delete, exec, RBAC, certificate, or etcd actions without explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (16)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill is presented as a kubectl-based Kubernetes troubleshooting tool, but it expands into host-level and control-plane operations such as openssl, kubeadm, etcdctl, and service/runtime inspection. That scope expansion materially increases privilege requirements and blast radius, enabling access to control-plane secrets and node internals beyond what a user may expect from the description.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Direct node and container-runtime inspection/management goes beyond ordinary cluster troubleshooting and can affect host integrity and workload isolation. Commands like systemctl status, docker ps, or equivalent runtime tooling can expose host-level state and encourage escalation from namespace-scoped diagnosis to node administration.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document claims modification operations require prior confirmation, but later sections authorize direct automatic fixes. This contradiction is dangerous because operators may rely on the stated safeguard while the skill still performs cluster-altering actions such as patching or deleting resources.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill includes automatic repair examples that patch pods/services and delete pods without a clear confirmation gate at the point of execution. These are state-changing and potentially destructive operations that can cause downtime, restart storms, misconfiguration, or accidental disruption in production clusters.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The top-level description advertises automatic execution of troubleshooting and repair commands without sufficiently prominent warning about privileged, cluster-impacting behavior. Users may invoke the skill expecting analysis only, while it may perform actions that alter workloads, permissions, networking, or control-plane state.

Ssd 3

Medium
Confidence
91% confidence
Finding
The skill directs broad inspection of logs, resolver configuration, certificates, and etcd-related materials without minimization or handling limits. In Kubernetes environments these outputs can contain secrets, tokens, internal service topology, customer data, or sensitive control-plane information, creating a significant data-exposure risk.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 2,
      "prompt": "My Pod keeps restarting with CrashLoopBackOff status, how to troubleshoot?",
      "expected_output": "Automatically execute kubectl get pods to identify abnormal Pod, run kubectl describe and kubectl logs commands to analyze the issue, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
96% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 4,
      "prompt": "Service is created but cannot be accessed, how to troubleshoot?",
      "expected_output": "Automatically execute kubectl get svc and kubectl describe svc commands to check Service configuration, run kubectl get endpoints to check backend Pods, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
96% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 6,
      "prompt": "Pod is stuck in Pending status and cannot be scheduled, how to troubleshoot?",
      "expected_output": "Automatically execute kubectl describe pod, kubectl get resourcequota, and kubectl describe node commands to analyze resource issues, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
95% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 8,
      "prompt": "Pod is OOMKilled, how to resolve?",
      "expected_output": "Automatically execute kubectl describe pod and kubectl top pod commands to check memory usage, analyze memory limit issues, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
95% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 10,
      "prompt": "Health check failures causing Pod restarts, how to troubleshoot?",
      "expected_output": "Automatically execute kubectl describe pod and kubectl logs commands to check health check configuration, analyze health check failure causes, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
95% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 12,
      "prompt": "RBAC permission denied errors, how to resolve?",
      "expected_output": "Automatically execute kubectl auth can-i, kubectl get role, and kubectl get rolebinding commands to check permission configuration, analyze permission issues, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
98% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 14,
      "prompt": "Pod cannot resolve domain names, how to troubleshoot DNS issues?",
      "expected_output": "Automatically execute kubectl exec nslookup and kubectl get svc kube-dns commands to check DNS configuration, analyze DNS resolution issues, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
97% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 16,
      "prompt": "HPA auto-scaling not working, how to troubleshoot?",
      "expected_output": "Automatically execute kubectl get hpa, kubectl describe hpa, and kubectl get pods metrics-server commands to check HPA configuration, analyze scaling issues, and provide automatic fix recommendations",
      "files": []
    },
    {
Confidence
94% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 18,
      "prompt": "k3s cluster Pod in CrashLoopBackOff status, how to troubleshoot?",
      "expected_output": "Automatically execute kubectl get pods to identify abnormal Pod, run kubectl describe and kubectl logs commands to analyze the issue, and provide automatic fix recommendations (supports k3s)",
      "files": []
    },
    {
Confidence
95% confidence
Finding
Automatically execute

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
{
      "id": 20,
      "prompt": "k3s service cannot be accessed, how to troubleshoot?",
      "expected_output": "Automatically execute kubectl get svc and kubectl describe svc commands to check Service configuration, run kubectl get endpoints to check backend Pods, and provide automatic fix recommendations (supports k3s)",
      "files": []
    }
  ]
Confidence
95% confidence
Finding
Automatically execute

VirusTotal

64/64 vendors flagged this skill as clean.
