Trust Assessment
k8s-multicluster received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Skill exposes function to retrieve raw Kubernetes secrets, Skill exposes function to view Kubernetes kubeconfig, Skill handles raw secret manifests, posing logging/storage risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill exposes function to retrieve raw Kubernetes secrets The skill documentation indicates the availability of a `get_secrets()` function. Kubernetes secrets often contain highly sensitive information such as API keys, database credentials, and other confidential data. If the output of this function is not strictly controlled, redacted, or masked before being returned to the LLM or logged, it poses a significant risk of data exfiltration and credential harvesting. An attacker could craft a prompt to cause the LLM to call this function and retrieve sensitive information from the connected Kubernetes clusters. Implement robust redaction or masking for the output of `get_secrets()` before it is returned to the LLM. Ensure that only metadata or sanitized versions of secrets are exposed by default. Consider requiring explicit user confirmation or a specific permission model for accessing raw secret values. | LLM | SKILL.md:70 | |
| MEDIUM | Skill exposes function to view Kubernetes kubeconfig The skill documentation indicates the availability of a `kubeconfig_view()` function, which is stated to show a 'sanitized kubeconfig'. While sanitization is intended to prevent credential exposure, the effectiveness of such sanitization is unknown without inspecting the implementation. Kubeconfigs contain sensitive authentication details. If the sanitization is incomplete or can be bypassed, this function could lead to the exfiltration of cluster credentials, allowing unauthorized access to Kubernetes clusters. Ensure the `kubeconfig_view()` implementation performs robust and verifiable sanitization of all sensitive fields (e.g., client-key-data, client-certificate-data, token, password, user credentials) before returning any part of the kubeconfig. Consider only returning metadata or requiring explicit, highly privileged access for any form of kubeconfig content. | LLM | SKILL.md:14 | |
| MEDIUM | Skill handles raw secret manifests, posing logging/storage risk The skill documentation shows `apply_manifest(secret_manifest, ...)` for secret synchronization. While applying manifests is an intended function, the handling of `secret_manifest` (which contains sensitive data) within the skill's implementation is critical. If the skill logs the raw `secret_manifest` or stores it insecurely, it could lead to data exfiltration. The LLM could also be prompted to generate or provide a malicious `secret_manifest`. Ensure that `secret_manifest` content is never logged or stored in an unencrypted or insecure manner by the skill. Implement strict input validation and consider redacting sensitive fields from any internal logging or error messages related to `secret_manifest`. | LLM | SKILL.md:73 |
Scan History
Embed Code
[](https://skillshield.io/report/d99521c644fe4ac7)
Powered by SkillShield