From cybersec-toolkit
Detects container escape attempts in Kubernetes by analyzing namespace configs, privileged mode, capabilities, and hostPath mounts.
Slash command: /cybersec-toolkit:performing-container-escape-detection
- When conducting security assessments that involve performing container escape detection
Audit Kubernetes pods for container escape vectors including privileged mode, dangerous capabilities, host namespace sharing, and writable hostPath mounts.
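```python
from kubernetes import client, config

# Load credentials from the local kubeconfig and list pods in every namespace.
config.load_kube_config()
v1 = client.CoreV1Api()
pods = v1.list_pod_for_all_namespaces()

for pod in pods.items:
    for container in pod.spec.containers:
        sc = container.security_context
        # A privileged container runs with all capabilities and host device access.
        if sc and sc.privileged:
            print(f"PRIVILEGED: {pod.metadata.namespace}/{pod.metadata.name}")
```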
Key escape vectors:
```python
# Check for docker socket mounts (iterates the `pods` list fetched above)
for pod in pods.items:
    for vol in pod.spec.volumes or []:
        if vol.host_path and "docker.sock" in (vol.host_path.path or ""):
            print(f"Docker socket exposed: {pod.metadata.name}")
```
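The snippets above cover privileged mode and the Docker socket. The following added example (not part of the skill's own code) checks all four vectors named in the description against pod manifests held as plain dicts, so it runs without a cluster. The function name `audit_pod`, the `DANGEROUS_CAPS` shortlist and both sample manifests are assumptions constructed for illustration.

```python
# Added example: audits pod manifests as plain dicts (the shape of items in
# `kubectl get pods -A -o json`), so no cluster connection is needed.
# DANGEROUS_CAPS is an assumed shortlist, not an exhaustive one.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH"}

def audit_pod(pod):
    """Return a list of (vector, detail) findings for one pod manifest."""
    spec = pod.get("spec") or {}
    findings = [("host-namespace", f) for f in ("hostPID", "hostNetwork", "hostIPC") if spec.get(f)]
    host_vols = {v["name"]: v["hostPath"].get("path", "")
                 for v in spec.get("volumes") or [] if v.get("hostPath")}
    # Init containers carry their own securityContext and are easy to overlook.
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(("privileged", c["name"]))
        for cap in (sc.get("capabilities") or {}).get("add") or []:
            if cap.upper() in DANGEROUS_CAPS:
                findings.append(("capability", f"{c['name']}:{cap.upper()}"))
        for m in c.get("volumeMounts") or []:
            path = host_vols.get(m["name"])
            if path is None:
                continue  # not backed by a hostPath volume
            if "docker.sock" in path:
                findings.append(("runtime-socket", f"{c['name']}:{path}"))  # readOnly does not block connect()
            elif not m.get("readOnly"):
                findings.append(("writable-hostpath", f"{c['name']}:{path}"))
    return findings

# Constructed sample manifests (not taken from a real cluster).
RISKY = {"metadata": {"namespace": "dev", "name": "debug"}, "spec": {
    "hostPID": True,
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}},
                {"name": "logs", "hostPath": {"path": "/var/log"}}],
    "initContainers": [{"name": "init", "securityContext": {"privileged": True}}],
    "containers": [{"name": "app",
                    "securityContext": {"capabilities": {"add": ["sys_admin", "CHOWN"]}},
                    "volumeMounts": [{"name": "sock", "mountPath": "/sock", "readOnly": True},
                                     {"name": "logs", "mountPath": "/logs"}]}]}}
HARDENED = {"metadata": {"namespace": "prod", "name": "web"}, "spec": {
    "volumes": [{"name": "cfg", "hostPath": {"path": "/etc/app"}}],
    "containers": [{"name": "web",
                    "securityContext": {"privileged": False, "capabilities": {"drop": ["ALL"]}},
                    "volumeMounts": [{"name": "cfg", "mountPath": "/cfg", "readOnly": True}]}]}}

if __name__ == "__main__":
    for pod in (RISKY, HARDENED):
        print(pod["metadata"]["name"], audit_pod(pod))
```

The socket mount is reported even though it is marked `readOnly`, because a read-only bind mount still lets a process connect to the daemon socket.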
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit