skills/openhands/skills/kubernetes/Gen Agent Trust Hub

kubernetes

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses sudo to move binaries into /usr/local/bin/. While this is standard for software installation, it represents a privilege escalation vector if misused.
  • Evidence (SKILL.md): sudo mv ./kind /usr/local/bin/, sudo mv ./kubectl /usr/local/bin/.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads executable binaries from external domains kind.sigs.k8s.io and dl.k8s.io. Although these are reputable official sources for Kubernetes tools, they are not on the explicitly trusted provider list for this analysis tool, requiring a review of the destination URLs.
  • Evidence (SKILL.md): curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-amd64.
  • [COMMAND_EXECUTION] (LOW): The skill performs cluster management operations using the installed kind binary, which interacts with the local Docker daemon.
  • Evidence (SKILL.md): kind create cluster.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:13 PM