harness-keycloak-auth
Audited by Socket on Feb 27, 2026
1 alert found:
Security
This Harness skill's capabilities align with its stated purpose: it automates Keycloak admin tasks (client creation/updating, realm import) and integrates secrets into AWS Secrets Manager for use by EKS workloads. I found no evidence of obfuscated code, download-and-execute chains, or calls to suspicious third-party domains. The primary security concerns are operational: the skill requires high-privilege Keycloak admin credentials and AWS permissions, and it forwards secrets through the pipeline runner (Keycloak client secret -> pipeline -> AWS Secrets Manager). These behaviors are expected for the use case but increase risk if the pipeline environment, variables, or runner credentials are compromised or misconfigured. Recommend ensuring least-privilege IAM for the runner, restricting Keycloak admin credentials to a dedicated automation account, enabling secret redaction in logs, and using fine-grained AWS Secrets Manager permissions (limit put-secret-value to expected secret ARNs).