kubespray-lab-setup

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The bootstrap scripts admin-lb.sh and init_cfg.sh both configure a hardcoded root password (qwe123) using the chpasswd command across all nodes in the lab environment.
  • [COMMAND_EXECUTION]: Provisioning scripts execute commands to permanently disable the system firewall (firewalld) and disable SELinux enforcement (setenforce 0) to facilitate cluster networking.
  • [COMMAND_EXECUTION]: The skill modifies /etc/ssh/sshd_config to enable PermitRootLogin and PasswordAuthentication, which significantly lowers the default security posture of the virtual machines.
  • [REMOTE_CODE_EXECUTION]: The admin bootstrap script fetches the Helm installation script from the project's official repository and executes it directly through the shell using bash.
  • [EXTERNAL_DOWNLOADS]: The skill downloads various software components from official and well-known sources, including the k9s binary from GitHub, the kubespray repository, and Kubernetes RPM packages from the official pkgs.k8s.io registry.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 28, 2026, 04:44 AM