Is kubernetes safe?

https://clawhub.ai/kcns008/kubernetes

82
SAFE

This Kubernetes skill is a comprehensive, well-structured operations reference with 6 bundled shell scripts for cluster management. It contains no prompt injection, data exfiltration, or malicious code. The primary risk is operational: the skill instructs the agent on powerful cluster commands (node draining, RBAC modification, ArgoCD force sync) that could impact production environments if executed without user confirmation. All scripts follow defensive coding practices and the installation was clean with no suspicious activity.

Category Scores

Prompt Injection 80/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 72/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (6)

MEDIUM Bundled shell scripts with destructive Kubernetes operations -18

The skill includes 6 shell scripts that can perform destructive cluster operations: node draining (node-maintenance.sh), ArgoCD force sync with pruning (argocd-app-sync.sh), and broad security scanning that queries all namespaces. While these are legitimate operational tools, they execute real kubectl commands that can impact production clusters.

LOW Broad operational scope requests implicit wide tool access -15

The skill covers 7 major operational areas (cluster ops, troubleshooting, manifests, security, GitOps, OpenShift, multi-cloud) and instructs the agent to use kubectl, oc, az, aws, gcloud, argocd, helm, velero, trivy, and kyverno CLIs. This broad scope means the agent may attempt to execute powerful infrastructure commands based on the skill's guidance.

LOW External documentation URLs referenced -5

The skill references 5 external documentation URLs (kubernetes.io, docs.openshift.com, AWS, Azure, GCP docs). All are official vendor documentation sites. No suspicious or attacker-controlled URLs detected.

INFO Scripts follow defensive coding practices 0

All scripts use 'set -e', separate diagnostic output (stderr) from machine-readable output (stdout JSON), and include usage help. In addition, node-maintenance.sh has an interactive confirmation prompt before destructive operations unless --force is specified.

INFO Secret manifest template uses placeholder values 0

The generate-manifest.sh secret type outputs placeholder credentials ('your-api-key-here', 'postgresql://user:pass@host:5432/db') with a comment to replace before applying, rather than attempting to read real secrets from the environment.

INFO Skill is structured documentation, not behavioral manipulation 0

The skill is essentially a well-organized Kubernetes operations handbook with automation scripts. It does not attempt to modify agent behavior, suppress output, chain with other skills, or establish persistence. Risk is purely operational (powerful commands being run against real clusters).