Description

Analyzes Kubernetes YAML manifests for security misconfigurations, best practices violations, and compliance risks.

README (SKILL.md)

Overview

Name: K8s Security Review
Author: krishnakumarmahadevan-cmd

Kubernetes Security Review is a specialized security analysis tool that scans Kubernetes YAML manifests for vulnerabilities, misconfigurations, and deviations from industry security best practices. Organizations using Kubernetes in production environments can leverage this tool to identify and remediate security gaps before deployment.

The tool performs comprehensive static analysis on Kubernetes resources, detecting issues such as missing security contexts, overly permissive RBAC configurations, exposed secrets, resource limits violations, and container image best practices. This proactive approach helps prevent common Kubernetes security incidents and ensures compliance with organizational security policies.

Ideal users include DevOps engineers, platform security teams, Kubernetes administrators, and organizations implementing security-as-code practices. The tool integrates seamlessly into CI/CD pipelines, policy enforcement workflows, and infrastructure-as-code validation processes.

Usage

Sample Request

{
  "yaml_content": "apiVersion: v1\
kind: Pod\
metadata:\
  name: web-app\
  namespace: production\
spec:\
  containers:\
  - name: nginx\
    image: nginx:latest\
    ports:\
    - containerPort: 80\
    securityContext:\
      runAsNonRoot: false\
      privileged: true\
    resources:\
      requests:\
        memory: \"64Mi\"\
        cpu: \"250m\"\
    volumeMounts:\
    - name: config\
      mountPath: /etc/config\
  volumes:\
  - name: config\
    secret:\
      secretName: db-credentials"
}

Sample Response

{
  "manifest_valid": true,
  "findings": [
    {
      "severity": "HIGH",
      "rule_id": "K8S-001",
      "category": "Security Context",
      "message": "Container running in privileged mode - potential security risk",
      "resource": "Pod/web-app/containers/nginx",
      "recommendation": "Set privileged: false and use specific capabilities instead"
    },
    {
      "severity": "HIGH",
      "rule_id": "K8S-002",
      "category": "Container Image",
      "message": "Using image tag 'latest' is not recommended in production",
      "resource": "Pod/web-app/containers/nginx",
      "recommendation": "Pin image to a specific version tag (e.g., nginx:1.25.3)"
    },
    {
      "severity": "MEDIUM",
      "rule_id": "K8S-003",
      "category": "Security Context",
      "message": "Container should run as non-root user",
      "resource": "Pod/web-app/containers/nginx",
      "recommendation": "Set runAsNonRoot: true and specify a non-zero uid"
    },
    {
      "severity": "MEDIUM",
      "rule_id": "K8S-004",
      "category": "Pod Security",
      "message": "Pod does not enforce read-only root filesystem",
      "resource": "Pod/web-app",
      "recommendation": "Set readOnlyRootFilesystem: true where possible"
    }
  ],
  "summary": {
    "total_findings": 4,
    "high_severity": 2,
    "medium_severity": 2,
    "low_severity": 0,
    "compliance_score": 65
  }
}

Endpoints

POST /review-k8s

Analyzes a Kubernetes YAML manifest for security issues, misconfigurations, and best practices violations.

Method: POST

Path: /review-k8s

Parameters:

Name	Type	Required	Description
`yaml_content`	string	Yes	Complete Kubernetes YAML manifest as a string. Can include single or multiple resources (Pods, Deployments, Services, ConfigMaps, Secrets, RBAC definitions, Network Policies, etc.).

Request Body:

{
  "yaml_content": "\x3Ckubernetes-yaml-manifest>"
}

Response (200 OK): Returns a comprehensive security analysis report including:

manifest_valid: Boolean indicating if YAML is syntactically valid
findings: Array of security findings, each containing:
- severity: One of HIGH, MEDIUM, LOW
- rule_id: Unique identifier for the security rule
- category: Type of finding (e.g., Security Context, Container Image, Pod Security, RBAC, Secrets Management)
- message: Detailed description of the issue
- resource: Kubernetes resource path affected
- recommendation: Remediation guidance
summary: Aggregate statistics including total findings, severity breakdown, and compliance score

Response (422 Validation Error): Returned when the request payload fails validation.

{
  "detail": [
    {
      "loc": ["body", "yaml_content"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/security/k8s-security-review
API Docs: https://api.mkkpro.com:8022/docs

Usage Guidance

Before installing or using this skill: 1) Treat any Kubernetes manifest you send to an external service as potentially sensitive — avoid sending manifests that contain Secrets, passwords, tokens, kubeconfigs, or other credentials. 2) Ask the skill author or registry for the exact base URL the agent will call, how network requests are authenticated, and the vendor's data retention/privacy policy. The SKILL.md lists toolweb.in and api.mkkpro.com — verify those endpoints independently. 3) If you prefer no network exposure, use a local/offline linter instead (examples: kube-linter, kubeconform, kubesec, conftest, Polaris). 4) Test with non-sensitive example manifests first and confirm where telemetry or logs are sent. If the vendor expects an API key or paid plan, demand that the skill declare the required credentials explicitly before use.

Capability Analysis

Type: OpenClaw Skill Name: k8s-security-review Version: 1.0.0 The skill is a legitimate security tool designed to analyze Kubernetes YAML manifests for misconfigurations and compliance risks. It functions by sending user-provided manifest content to an external API (api.mkkpro.com) for static analysis, which is consistent with its stated purpose in SKILL.md and openapi.json. No evidence of malicious intent, prompt injection, or unauthorized data exfiltration was found.

Capability Assessment

ℹ Purpose & Capability

Name/description match the behavior in SKILL.md (it analyzes Kubernetes manifests). However the README includes external service references and pricing (toolweb.in, api.mkkpro.com) even though the endpoints section only lists a relative path (/review-k8s) and the skill requests no credentials. It's plausible this is a wrapper for a hosted API, but the skill does not declare the base URL, network usage, or any required API key, which is an unexplained gap.

⚠ Instruction Scope

SKILL.md instructs sending full Kubernetes YAML as the request body. Kubernetes manifests often contain secrets, credentials, or other sensitive information; the instructions do not warn about sensitive data, nor do they describe retention, privacy, or where the manifest will be sent. Because the skill appears to depend on an external API (vendor links provided), this creates a real risk of inadvertent exfiltration of sensitive config.

✓ Install Mechanism

Instruction-only skill with no install spec and no bundled code — minimal disk footprint and no packages to review. This is the lowest-risk install model.

ℹ Credentials

The skill requests no environment variables or credentials, which is consistent with a simple analyzer. However the documentation advertises paid plans and external endpoints, yet asks for no API key or auth — either the service is public/free (possible) or the skill omits required auth details. This mismatch should be clarified.

✓ Persistence & Privilege

The skill does not request always:true, does not require special OS restrictions, and does not request system config paths or persistent credentials. It uses normal, user-invocable privileges.

Version History

v1.0.0

Kubernetes Security Review 1.0.0 – Initial Release - Launch of a tool to analyze Kubernetes YAML manifests for security misconfigurations, best practices violations, and compliance risks. - Provides static analysis for vulnerabilities such as missing security contexts, dangerous RBAC settings, exposed secrets, and improper resource limits. - Integrates with CI/CD workflows and is suitable for DevOps, security teams, and Kubernetes administrators. - Includes a /review-k8s POST endpoint that returns detailed findings, severity ratings, recommendations, and a compliance score. - Offers multiple pricing tiers (Free, Developer, Professional, Enterprise) to accommodate different usage levels.

Metadata

Slug k8s-security-review

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is K8s Security Review?

Analyzes Kubernetes YAML manifests for security misconfigurations, best practices violations, and compliance risks. It is an AI Agent Skill for Claude Code / OpenClaw, with 175 downloads so far.

How do I install K8s Security Review?

Run "/install k8s-security-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is K8s Security Review free?

Yes, K8s Security Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does K8s Security Review support?

K8s Security Review is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created K8s Security Review?

It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.

More Skills

K8s Security Review