From cybersecurity-skills
Detects container escape attempts in Kubernetes by analyzing namespace configs, privileged mode, capabilities, and hostPath mounts.
Slash command
/cybersecurity-skills:performing-container-escape-detection
- When conducting security assessments that involve performing container escape detection
Audit Kubernetes pods for container escape vectors including privileged mode, dangerous capabilities, host namespace sharing, and writable hostPath mounts.
from kubernetes import client, config

# Load credentials from the local kubeconfig and list every pod in the cluster
config.load_kube_config()
v1 = client.CoreV1Api()
pods = v1.list_pod_for_all_namespaces()

# Flag any container that runs in privileged mode
for pod in pods.items:
    for container in pod.spec.containers:
        sc = container.security_context
        if sc and sc.privileged:
            print(f"PRIVILEGED: {pod.metadata.namespace}/{pod.metadata.name}")
Key escape vectors:
# Check for docker socket mounts (reuses `pods` from the listing above)
for pod in pods.items:
    for vol in pod.spec.volumes or []:
        if vol.host_path and "docker.sock" in (vol.host_path.path or ""):
            print(f"Docker socket exposed: {pod.metadata.name}")
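The audit described above names four vectors, while the snippets cover two. The following is an added example, not the skill's own code, that checks all four against pod manifests held as plain dicts so it runs without a cluster. The capability list, the `audit_pod` name and the sample pods are assumptions constructed for illustration.

```python
# Added example: audit pod manifests shaped like `kubectl get pods -o json` items.
# Assumption: this capability list is a common choice; the page does not give one.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "DAC_READ_SEARCH", "NET_ADMIN"}
HOST_NAMESPACES = ("hostPID", "hostNetwork", "hostIPC")


def audit_pod(pod):
    """Return a sorted list of (vector, detail) findings for one pod manifest."""
    spec = pod.get("spec") or {}
    findings = {("host-namespace", f) for f in HOST_NAMESPACES if spec.get(f)}
    # Map volume name -> host path for every hostPath volume in the pod.
    host_vols = {v["name"]: v["hostPath"].get("path", "")
                 for v in (spec.get("volumes") or []) if v.get("hostPath")}
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.add(("privileged", c["name"]))
        for cap in (sc.get("capabilities") or {}).get("add") or []:
            # Normalise an optional CAP_ prefix so both spellings match.
            norm = cap.upper()
            norm = norm[4:] if norm.startswith("CAP_") else norm
            if norm in DANGEROUS_CAPS:
                findings.add(("capability", f"{c['name']}:{norm}"))
        for m in c.get("volumeMounts") or []:
            path = host_vols.get(m["name"])
            # A hostPath mount is writable unless readOnly is explicitly true.
            if path is not None and not m.get("readOnly", False):
                findings.add(("writable-hostpath", f"{c['name']}:{path}"))
    return sorted(findings)


# Constructed sample manifests (not real cluster data).
RISKY_POD = {"metadata": {"namespace": "dev", "name": "debug-tools"}, "spec": {
    "hostPID": True,
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}},
                {"name": "logs", "hostPath": {"path": "/var/log"}}],
    "containers": [{
        "name": "shell",
        "securityContext": {"privileged": True,
                            "capabilities": {"add": ["CAP_SYS_ADMIN", "CHOWN"]}},
        "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"},
                         {"name": "logs", "mountPath": "/host/log", "readOnly": True}]}]}}
SAFE_POD = {"metadata": {"namespace": "prod", "name": "web"}, "spec": {
    "containers": [{"name": "web", "securityContext": {"capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for pod in (RISKY_POD, SAFE_POD):
        print(pod["metadata"]["namespace"], pod["metadata"]["name"], audit_pod(pod))
```

The read-only `/var/log` mount and the `CHOWN` capability in the constructed risky pod are deliberately not reported, which shows where this check draws its line.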
npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills
Detects container escape attempts by analyzing namespace configurations, privileged container checks, dangerous capability assignments, and host path mounts using the kubernetes Python client.
Detects Kubernetes container escape attempts via privileged checks, dangerous capabilities, host mounts, namespaces, and cgroup abuse using Python client. For security audits and investigations.