k8s-hpa-cost-tuning
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation in `SKILL.md` provides standard `kubectl` diagnostic commands (such as `kubectl get hpa` and `kubectl top node`) for the user to manually verify cluster state. These are non-automated, informative references for cluster administrators.
- [SAFE]: The utility scripts query the well-known Datadog API service to retrieve cluster metrics. The destination domain defaults to `datadoghq.com` and can be configured by the user, which is standard behavior for observability tools.
- [SAFE]: Credentials (Datadog API and APP keys) are accessed through environment variables rather than being hardcoded in the scripts, adhering to security best practices for credential management.
- [SAFE]: The scripts are self-contained and do not require external NPM packages, relying only on native Node.js features like `fs/promises` and the global `fetch` API, which significantly reduces the supply chain attack surface.
Audit Metadata