guangyusong
k8s-manifest-security-auditor

Enterprise-skills
Lint Kubernetes YAML manifests for security and reliability risks (privileged, hostNetwork/hostPID/hostIPC, hostPath, runAsNonRoot, allowPrivilegeEscalation, missing limits, latest tag).
Install Command
npx skills add https://github.com/XSpoonAi/spoon-awesome-skill/tree/master/enterprise-skills/k8s-manifest-security-auditor
Kubernetes Manifest Security Auditor
Static analysis for Kubernetes YAML manifests to catch common security and reliability risks (no cluster access required).
Overview
This skill parses Kubernetes multi-document YAML and emits a deterministic JSON report with findings ranked by severity.
Features
- Flags privileged containers
- Flags host namespace sharing (`hostNetwork`, `hostPID`, `hostIPC`)
- Flags `hostPath` volumes
- Flags missing `runAsNonRoot: true`
- Flags missing `allowPrivilegeEscalation: false`
- Flags missing resource requests/limits
- Flags `:latest` or missing image tags
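The checks in the feature list above, sketched as an added example; this is not the skill's `scripts/main.py`. It audits already-parsed documents, and the rule ids other than `SEC_PRIVILEGED`, the severity order and the sample manifest are assumptions made for the illustration.

```python
# Rule ids other than SEC_PRIVILEGED, and the severity order, are hypothetical.
SEVERITY = {"SEC_PRIVILEGED": 0, "SEC_HOST_NAMESPACE": 1, "SEC_HOSTPATH": 1, "SEC_PRIV_ESCALATION": 2,
            "SEC_RUN_AS_ROOT": 2, "REL_NO_RESOURCES": 3, "REL_IMAGE_TAG": 3}

def pod_spec(doc):  # spec of a Pod, or of a workload embedding one in spec.template
    spec = doc.get("spec") or {}
    return spec if doc.get("kind") == "Pod" else (spec.get("template") or {}).get("spec")

def floating_tag(image):
    if "@" in image:                    # pinned by digest
        return False
    last = image.rsplit("/", 1)[-1]     # skip a registry host:port prefix
    return ":" not in last or last.endswith(":latest")

def audit(docs):
    findings = []
    for doc in docs:
        spec = pod_spec(doc or {})      # empty YAML documents parse to None
        if not spec:
            continue
        res = f"{doc.get('kind')}/{(doc.get('metadata') or {}).get('name')}"
        def add(rule, path):
            findings.append({"rule_id": rule, "resource": res, "path": path})
        for key in ("hostNetwork", "hostPID", "hostIPC"):
            if spec.get(key) is True:
                add("SEC_HOST_NAMESPACE", key)
        for vol in spec.get("volumes") or []:
            if "hostPath" in vol:
                add("SEC_HOSTPATH", f"volumes/{vol.get('name')}")
        pod_sc = spec.get("securityContext") or {}
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            sc, path = c.get("securityContext") or {}, f"containers/{c.get('name')}"
            # A container-level runAsNonRoot overrides the pod-level value.
            checks = {"SEC_PRIVILEGED": sc.get("privileged") is True,
                      "SEC_PRIV_ESCALATION": sc.get("allowPrivilegeEscalation") is not False,
                      "SEC_RUN_AS_ROOT": sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True,
                      "REL_NO_RESOURCES": not all((c.get("resources") or {}).get(k) for k in ("requests", "limits")),
                      "REL_IMAGE_TAG": floating_tag(c.get("image") or "")}
            for rule in (k for k, hit in checks.items() if hit):
                add(rule, path)
    return sorted(findings, key=lambda f: (SEVERITY[f["rule_id"]], f["resource"], f["path"], f["rule_id"]))

SAMPLE = [  # constructed; shaped like yaml.safe_load_all() output for a two-document manifest
    {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
        "hostNetwork": True, "volumes": [{"name": "sock", "hostPath": {"path": "/var/run"}}],
        "containers": [{"name": "nginx", "image": "nginx", "securityContext": {"privileged": True}}]}}}},
    {"kind": "Pod", "metadata": {"name": "api"}, "spec": {"securityContext": {"runAsNonRoot": True},
        "containers": [{"name": "api", "image": "registry.example:5000/api:1.4.2",
                        "securityContext": {"allowPrivilegeEscalation": False},
                        "resources": {"requests": {"cpu": "100m"}, "limits": {"cpu": "500m"}}}]}}]
```

`audit(SAMPLE)` returns seven findings, all on `Deployment/web`; the hardened `Pod/api` yields none. A CronJob nests its pod template one level deeper (`spec.jobTemplate`) and is not covered by this sketch.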
Quickstart
python3 -m pip install -r requirements.txt
# Demo
python3 scripts/main.py --demo
# Audit a file
python3 scripts/main.py --params '{"manifest_path":"./k8s.yaml","ruleset":"restricted"}'
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| `manifests_yaml` | string | no | Multi-doc YAML string |
| `manifest_path` | string | no | Path to a YAML file |
| `ruleset` | string | no | `baseline` or `restricted` (default: `baseline`) |
| `max_findings` | int | no | Maximum findings to return (default: 200) |
Example Output (Short)
{"ok":true,"data":{"risk_level":"CRITICAL","findings":[{"rule_id":"SEC_PRIVILEGED"}]}}

Installations: 297
Skills Information
- Created: 2026-02-13
- Last Updated: 2026-03-23