Kubernetes

The skill legitimately targets cluster operations, GitOps, security, observability and artifact management and includes many helper scripts to do so. However, the registry metadata claims no required binaries, no environment variables, and no config paths, while SKILL.md and the included scripts clearly expect tools like kubectl/oc/helm/argocd/jq and access to kubeconfigs and cloud provider credentials (aws/az/gcloud/rosa). The lack of declared requirements/credentials is incoherent with the actual capabilities.

The runtime instructions and many scripts perform cluster reads and writes (kubectl/oc apply, argocd sync, image scans, etc.), generate and modify manifests, provision namespaces, run etcd backups, and instruct agents to read repository files (WORKING.md, LOGS.md, INCIDENTS.md) and git history. The SKILL.md also references external communication channels (Slack, Teams, PagerDuty) but does not declare how tokens/credentials are supplied. The session start protocol requires reading local files and git logs which can expose repository state and secrets if present. Overall the instruction scope goes beyond simple read-only guidance and enables actions that require privileged access.

There is no formal install spec in registry metadata (instruction-only), but SKILL.md suggests installing via npx pulling from a GitHub repo (github.com/kcns008/cluster-agent-swarm-skills). The repository contains many executable scripts that would be cloned/executed if the agent runs them. Cloning from a GitHub repo is common, but it means arbitrary scripts from that repo become available — review the repository before running. No downloads from obscure URLs are present in the metadata, but the 'npx skills add' pattern implicitly fetches code from an external source.

The skill requests no environment variables or credentials in its manifest, yet the scripts and SKILL.md clearly require access to: kubeconfig (or a configured kubectl/oc), cloud provider credentials (AWS/Azure/GCP/ROSA), container registry credentials, and potentially credentials for Slack/Teams/PagerDuty/Vault. That mismatch is problematic: installing this skill without explicit credential declarations can lead to the agent accessing sensitive credentials available in the environment (e.g., ~/.kube/config, CLI default credentials) without the user being warned.

always: false (normal). The skill defines heartbeat schedules and persistent log/state files (logs/LOGS.md, memory/MEMORY.md) that agents are expected to read/write. Autonomous invocation is allowed (platform default) and would let the agent execute scripts against clusters. This is expected for an automation skill, but combined with the missing credential declarations it increases risk: an autonomously-invoking agent could act on any credentials available to the runtime environment.