ClawAudit verdict
kubectl-skill
A comprehensive kubectl reference guide documenting standard Kubernetes CLI commands for cluster management; all content is legitimate documentation with no evidence of exfiltration or malicious behavior.
⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Findings (10)
Process substitution with source — executes remote content
quick-reference.md · code · source <(
References sudo — requests elevated privileges
_index.md · code · sudo
HTTP request to bare IP address — common in malicious payloads
docker-cli-to-kubectl.md · code · https://203.0.113.141
Uses exec() — may execute shell commands
generated/kubectl_exec/_index.md · code · exec (
Accesses shell history/config
quick-reference.md · code · ~/.zshrc
Accesses Kubernetes config (may contain cluster credentials)
quick-reference.md · code · ~/.kube/config
Changes file ownership
_index.md · code · chown
Instructs covert action — may act without user awareness
generated/kubectl_apply/_index.md · prose · downgraded · silently
Base64 encoding/decoding
quick-reference.md · code · base64decode
Opens WebSocket connection
kubectl.md · prose · downgraded · WebSocket
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class B/E/F). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions — minimal attack surface.
Is this flag fair?
Thanks — recorded.