Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

indrasvat/k8s-diff

Name: k8s-diff
Author: indrasvat

skills/k8s-diff/SKILL.md

npx skillsauth add indrasvat/claude-code-skills k8s-diff

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

K8s Manifest Diff

Render manifests, diff against cluster or git, flag risks. Read-only.

1. Prerequisites

command -v kubectl -- REQUIRED. Abort immediately if missing.
helm, kustomize -- optional, detected from input. kubectl kustomize as fallback.
If --context in $ARGUMENTS, pass --context <value> to all kubectl calls.
Run kubectl cluster-info to test access. If unreachable, set CLUSTER_AVAILABLE=false and continue (git-based diff still works). Print kubectl config current-context if available.
Fail fast only if kubectl binary is missing.

2. Detection

Determine type from input path in $ARGUMENTS:

Chart.yaml in directory --> Helm (helm template).
kustomization.yaml/kustomization.yml --> Kustomize (kubectl kustomize).
Plain .yaml/.yml --> raw YAML (cat). Single file always uses raw mode.

3. Render

Render to temp file (mktemp, cleaned up via trap on exit):

Helm: helm template <release> <chart-path> [--values values.yaml] > "$RENDERED"
Kustomize: kubectl kustomize <dir> > "$RENDERED"
Raw: cat <files> > "$RENDERED" Split into individual resources keyed by apiVersion/kind/namespace/name.

4. Diff

Live cluster diff (when --context present or cluster reachable): Fetch live version per resource: kubectl get <kind> <name> -n <ns> -o yaml. Strip .metadata.managedFields and kubectl.kubernetes.io/last-applied-configuration annotation. Compare with diff -u.

Git diff (no cluster target): Render the same manifests at git merge-base HEAD main. Diff with diff -u.

5. Risk Flags

Scan each diff hunk:

| Level | Patterns | |-------|----------| | CRITICAL | Namespace deletion, PV/PVC removal, RBAC escalation (new ClusterRoleBinding, added verbs) | | HIGH | Resource limits reduced >50%, replicas to 0, image tag to latest | | MEDIUM | New CRD apiVersion, Service port change, ConfigMap key removal | | LOW | Label/annotation changes, resource request adjustments |

6. Secret Masking

Before display, scan for keys matching password, secret, token, key, credential (case-insensitive). Replace values with [REDACTED] in both rendered and live YAML.

7. Resource Identity

Match by apiVersion/kind/namespace/name. Use - as namespace for cluster-scoped resources.

In render but not cluster: NEW. In cluster but not render: ORPHANED.

8. Output

Print in order:

Summary: N added, M modified, K removed
Risk table (if any):

| Resource | Risk | Detail |
|----------|------|--------|
| apps/v1/Deployment/prod/api | CRITICAL | replicas: 3 -> 0 |

Full unified diff with secrets redacted. No preamble. Lead with summary tables.

9. Idempotency

Strictly read-only. Temp files only, cleaned on exit. Never applies, patches, or deletes resources.

$ARGUMENTS

indrasvat/k8s-diff

skills/k8s-diff/SKILL.md

Render Kubernetes manifests (Helm, Kustomize, raw YAML) and diff against a live cluster or previous render, flagging risky changes. Use when the user says "k8s diff", "manifest diff", "helm diff", "kustomize diff", "what changed in k8s", "compare manifests", "show k8s changes", "what will deploy", "dry run deploy", "preview deploy", "cluster drift", or wants to see Kubernetes resource changes before applying.

3 stars

devops

Updated May 23, 2026

$ install --global

skillsauth

npx skillsauth add indrasvat/claude-code-skills k8s-diff

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 23, 2026, 8:16 AM286.4s1 file scanned

SKILL.md

name:: k8s-diff
description:: >
allowed-tools:: Bash, Read, Grep, Glob
argument-hint:: <path-to-manifests> [--context <k8s-context>]

K8s Manifest Diff

Render manifests, diff against cluster or git, flag risks. Read-only.

1. Prerequisites

command -v kubectl -- REQUIRED. Abort immediately if missing.
helm, kustomize -- optional, detected from input. kubectl kustomize as fallback.
If --context in $ARGUMENTS, pass --context <value> to all kubectl calls.
Run kubectl cluster-info to test access. If unreachable, set CLUSTER_AVAILABLE=false and continue (git-based diff still works). Print kubectl config current-context if available.
Fail fast only if kubectl binary is missing.

2. Detection

Determine type from input path in $ARGUMENTS:

Chart.yaml in directory --> Helm (helm template).
kustomization.yaml/kustomization.yml --> Kustomize (kubectl kustomize).
Plain .yaml/.yml --> raw YAML (cat). Single file always uses raw mode.

3. Render

Render to temp file (mktemp, cleaned up via trap on exit):

Helm: helm template <release> <chart-path> [--values values.yaml] > "$RENDERED"
Kustomize: kubectl kustomize <dir> > "$RENDERED"
Raw: cat <files> > "$RENDERED" Split into individual resources keyed by apiVersion/kind/namespace/name.

4. Diff

Git diff (no cluster target): Render the same manifests at git merge-base HEAD main. Diff with diff -u.

5. Risk Flags

Scan each diff hunk:

6. Secret Masking

Before display, scan for keys matching password, secret, token, key, credential (case-insensitive). Replace values with [REDACTED] in both rendered and live YAML.

7. Resource Identity

Match by apiVersion/kind/namespace/name. Use - as namespace for cluster-scoped resources.

In render but not cluster: NEW. In cluster but not render: ORPHANED.

8. Output

Print in order:

Summary: N added, M modified, K removed
Risk table (if any):

| Resource | Risk | Detail |
|----------|------|--------|
| apps/v1/Deployment/prod/api | CRITICAL | replicas: 3 -> 0 |

Full unified diff with secrets redacted. No preamble. Lead with summary tables.

9. Idempotency

Strictly read-only. Temp files only, cleaned on exit. Never applies, patches, or deletes resources.

$ARGUMENTS

Related Skills

indrasvat/triage-pr

development

VerifiedTrustedCommunity

Fetch, categorize, and address PR review comments in priority order. Classifies each comment as BLOCKER, QUESTION, SUGGESTION, or NITPICK and works through blockers first. Use when the user says "address PR comments", "fix review feedback", "respond to PR", "handle review comments", "triage PR", "what does the reviewer want", "address feedback", "PR comments", "review feedback", or needs to work through pull request review comments systematically.

3SKILL.mdUpdated May 23, 2026

indrasvat/ship-pr

testing

VerifiedTrustedCommunity

Create a pull request with a standards compliance review gate. Reviews the diff against CLAUDE.md and repo conventions before creating the PR, stopping on discrepancies. Supports tiered PR templates (small, standard, complex). Use when the user says "create PR", "open PR", "ship it", "ship PR", "make a pull request", "push and PR", "ready for review", "send for review", "create a pull request", or wants to create a GitHub pull request from the current branch.

3SKILL.mdUpdated May 23, 2026

indrasvat/rollout-check

testing

VerifiedTrustedCommunity

Verify Kubernetes deployment health — pod status, rollout progress, events, readiness, HPA state, and recent errors. Use when the user says "check rollout", "is deploy healthy", "rollout status", "deployment health", "pod status", "check pods", "why is deploy failing", "k8s health", "verify deployment", "are pods ready", "check deployment", or wants to verify a Kubernetes deployment is healthy after a rollout.

3SKILL.mdUpdated May 23, 2026

indrasvat/rollout-check

indrasvat/prd-generator

documentation

VerifiedTrustedCommunity

Generate comprehensive Product Requirements Documents with interactive discovery, progress tracking, and True Ralph Loop support for autonomous implementation. Use when user wants to (1) create a PRD for a new project/feature, (2) implement a PRD autonomously with fresh Claude sessions, (3) track implementation progress, (4) recover context after session loss. Creates docs/PRD.md and docs/PROGRESS.md.

3SKILL.mdUpdated May 23, 2026

indrasvat/prd-generator

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/indrasvat/claude-code-skills.git

# Copy into Claude Code skills folder (global)
cp -r claude-code-skills/skills/k8s-diff ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

indrasvat/claude-code-skills

3 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT