skills/kubernetes-security/SKILL.md
Kubernetes security: RBAC, PodSecurity, network policies.
Harden Kubernetes clusters and workloads through RBAC, pod security, network isolation, secret management, and supply chain controls.
| Signal | Reference | Size |
|--------|-----------|------|
| RBAC, Role, RoleBinding, ClusterRole, ServiceAccount, least-privilege, access control, permissions | references/rbac-patterns.md | ~60 lines |
| PodSecurity, SecurityContext, runAsNonRoot, readOnlyRootFilesystem, restricted, baseline, image hardening, distroless, Dockerfile | references/pod-security.md | ~90 lines |
| NetworkPolicy, default-deny, allow-list, egress, ingress, DNS, lateral movement, namespace isolation | references/network-policies.md | ~70 lines |
| cosign, Kyverno, OPA, admission controller, Sealed Secrets, External Secrets, supply chain, misconfiguration, privileged | references/supply-chain.md | ~120 lines |
Load greedily. If the user's question touches any signal keyword, load the matching reference before responding. If several signals match, load every matching reference.
Determine which security domain the user is asking about.
| Domain | Reference |
|--------|-----------|
| Access control, permissions, roles | references/rbac-patterns.md |
| Pod hardening, container security | references/pod-security.md |
| Network isolation, traffic rules | references/network-policies.md |
| Image signing, secrets, admission control | references/supply-chain.md |
If the question spans multiple domains, load all relevant references. Most production hardening tasks touch at least RBAC + pod security.
Gate: Domain identified. Reference(s) loaded. Proceed to Phase 2.
Use loaded reference knowledge to answer with concrete YAML manifests and specific configurations. The references contain complete, copy-paste-ready examples for each security domain.
For general Kubernetes debugging, pair with the kubernetes-debugging skill.
Gate: Question answered with reference-backed manifests, not generic advice.
Validate the security posture against the misconfiguration table in references/supply-chain.md. Flag any of the 8 common misconfigurations if present in the user's manifests.
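The following is an added example, not code from the claude-code-toolkit skill or its references. It shows what the Phase 3 check looks like when done mechanically: a small audit over Kubernetes manifests that flags the misconfigurations named in the signal table above (privileged containers, containers not forced to run as non-root, writable root filesystems, and namespaces with no default-deny NetworkPolicy). The exact set of eight checks in references/supply-chain.md is not on this page, so the checks here are an assumed subset plus the allowPrivilegeEscalation rule required by the restricted PodSecurity profile. Manifests are written as Python dicts (the JSON form of the YAML) so the script runs with the standard library only; the two Deployments and the NetworkPolicy are constructed samples.

```python
"""Flag common Kubernetes hardening misconfigurations in a set of manifests.

Added example (not part of the skill). The check set is an assumed subset of
the skill's misconfiguration table, not a copy of it.
"""
from typing import Any

Manifest = dict[str, Any]

# Kinds whose pod spec lives at spec.template.spec (CronJob nests one level deeper)
WORKLOAD_KINDS = {"Pod", "Deployment", "StatefulSet", "DaemonSet", "Job"}


def _pod_spec(manifest: Manifest) -> Manifest:
    """Return the pod spec of a Pod, or of a workload wrapping a pod template."""
    if manifest.get("kind") == "Pod":
        return manifest["spec"]
    return manifest["spec"]["template"]["spec"]


def find_misconfigurations(manifest: Manifest) -> list[str]:
    """Return one finding per container-level hardening gap in a workload."""
    spec = _pod_spec(manifest)
    pod_ctx = spec.get("securityContext") or {}
    findings: list[str] = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        ctx = c.get("securityContext") or {}
        if ctx.get("privileged"):
            findings.append(f"{name}: privileged container")
        # runAsNonRoot is inherited from the pod securityContext unless overridden
        if not ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot is not true")
        if not ctx.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        # Kubernetes defaults allowPrivilegeEscalation to true; the restricted
        # PodSecurity profile requires an explicit false
        if ctx.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
    return findings


def default_deny_directions(policy: Manifest) -> set[str]:
    """Return the directions ('Ingress'/'Egress') a NetworkPolicy denies by default.

    A default-deny policy selects every pod (podSelector: {}) and lists a
    policyType without any allow rules for it. When policyTypes is omitted,
    Kubernetes assumes Ingress, plus Egress only if egress rules are present.
    """
    if policy.get("kind") != "NetworkPolicy":
        return set()
    spec = policy.get("spec", {})
    if spec.get("podSelector") != {}:
        return set()
    policy_types = spec.get("policyTypes") or (
        ["Ingress"] + (["Egress"] if "egress" in spec else [])
    )
    # An empty or absent rule list for a declared policyType means deny all
    return {d for d in policy_types if not spec.get(d.lower())}


def audit(manifests: list[Manifest]) -> list[str]:
    """Audit workloads and check each workload namespace for default-deny policies."""
    findings: list[str] = []
    workloads = [m for m in manifests if m.get("kind") in WORKLOAD_KINDS]
    for m in workloads:
        ns = m["metadata"].get("namespace", "default")
        findings += [f"{ns}/{m['metadata']['name']}: {f}" for f in find_misconfigurations(m)]
    for ns in sorted({m["metadata"].get("namespace", "default") for m in workloads}):
        covered: set[str] = set()
        for m in manifests:
            if m.get("metadata", {}).get("namespace") == ns:
                covered |= default_deny_directions(m)
        for direction in ("Ingress", "Egress"):
            if direction not in covered:
                findings.append(f"namespace {ns}: no default-deny {direction} NetworkPolicy")
    return findings


# Constructed samples: the weak setting beside the corrected one.
WEAK_DEPLOYMENT: Manifest = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "shop"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "api", "image": "example.invalid/api:1.0",
         "securityContext": {"privileged": True}},
    ]}}},
}

HARDENED_DEPLOYMENT: Manifest = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "shop"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{"name": "api", "image": "example.invalid/api:1.0",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "readOnlyRootFilesystem": True,
                                            "capabilities": {"drop": ["ALL"]}}}],
    }}},
}

DEFAULT_DENY: Manifest = {
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "default-deny", "namespace": "shop"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
}

if __name__ == "__main__":
    for finding in audit([WEAK_DEPLOYMENT]):
        print("WEAK:", finding)
    print("HARDENED:", audit([HARDENED_DEPLOYMENT, DEFAULT_DENY]) or "clean")
```

Running the script lists six findings for the weak Deployment (four container-level gaps plus the missing Ingress and Egress default-deny policies in the `shop` namespace) and reports the hardened pair as clean. The inheritance rule for `runAsNonRoot` matters in practice: a pod-level `securityContext` satisfies the check for every container, but `readOnlyRootFilesystem` and `allowPrivilegeEscalation` are container-level fields only and have to be set on each container.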