performing-kubernetes-penetration-testing

This is an explicit Kubernetes penetration-testing playbook describing reconnaissance, exploitation, privilege escalation, lateral movement, and cleanup. It contains actionable offensive steps (token theft, privileged pod deployment, querying cloud metadata) that are operationally dangerous if used without authorization. The content is not executable malware, nor obfuscated, but it presents a moderate-to-high security risk if published or used improperly because it enables attackers to find and exploit misconfigurations. Use only in authorized testing contexts and ensure proper safeguards and auditability when applying these actions.

SUSPICIOUS. The skill’s behavior is coherent with its stated purpose, but that purpose is offensive Kubernetes penetration testing with live exploitation steps, privileged pod creation, and credential extraction. Install sources are mostly official same-org projects, reducing malware confidence, yet the agent capability set is inherently high risk and the unpinned raw GitHub execution paths add medium supply-chain risk.

This module is a reconnaissance and privilege-assertion utility that aggregates kubectl outputs to report cluster inventory, RBAC capability, exposed UI services, and pod escape indicators. It does not contain direct network exfiltration, obfuscated payloads, or embedded credentials, but it will surface sensitive cluster information when run with credentials that permit it. The script is dual-use: useful for authorized testing and auditing, but dangerous in untrusted hands or CI systems that capture output. Review and restrict execution to authorized operators and ensure output is handled securely.