Phy K8s Security Audit
Kubernetes manifest security auditor (CIS Kubernetes Benchmark). Scans all YAML/JSON manifests in your repository for privileged containers, hostNetwork/hostPID/hostIPC, dangerous hostPath mounts, missing resource limits/probes, latest image tags, RBAC over-permission (cluster-admin bindings, wildcard verbs), secrets in env vars, missing NetworkPolicy, missing seccomp/AppArmor profiles. Maps findings to CIS Benchmark controls and PSS (Pod Security Standards). Zero dependencies beyond PyYAML. Zero competitors on ClawHub.
安装 / 下载方式
TotalClaw CLI推荐
totalclaw install clawskills:phy041~phy-k8s-security-auditcURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/clawskills%3Aphy041~phy-k8s-security-audit/file -o phy-k8s-security-audit.mdGit 仓库获取源码
git clone https://github.com/openclaw/skills/commit/ebdc434b8cd55e6c340ccb2bb93ca637c657d04b# phy-k8s-security-audit
Static security auditor for **Kubernetes YAML manifests**. Scans every Deployment, StatefulSet, DaemonSet, Pod, Job, CronJob, Role, ClusterRole, RoleBinding, ClusterRoleBinding, ServiceAccount, and NetworkPolicy in your repository against the **CIS Kubernetes Benchmark v1.9** and **Pod Security Standards (PSS)**. No cluster access required — works entirely on local manifest files.
## Why Manifest Auditing Matters
- Tesla's Kubernetes cluster was cryptojacked because their dashboard had no auth and pods ran privileged
- Attackers with access to one container can escape to the node via `privileged: true` or `hostPath` mounts
- Over-permissive RBAC (`cluster-admin`) is the #1 post-exploit persistence technique
- `automountServiceAccountToken: true` (the default) leaks credentials into every pod
## Checks: Pod / Container Level
| Check | Severity | CIS / PSS |
|-------|----------|-----------|
| `privileged: true` | CRITICAL | CIS 5.2.1 / PSS Restricted |
| `allowPrivilegeEscalation: true` or missing (default true) | HIGH | CIS 5.2.5 / PSS Restricted |
| `runAsNonRoot` missing or false | HIGH | CIS 5.2.6 / PSS Baseline |
| `runAsUser: 0` (root) | HIGH | CIS 5.2.6 |
| `hostNetwork: true` | HIGH | CIS 5.2.4 / PSS Baseline |
| `hostPID: true` | HIGH | CIS 5.2.2 / PSS Baseline |
| `hostIPC: true` | HIGH | CIS 5.2.3 / PSS Baseline |
| `hostPath` volume mount | HIGH | CIS 5.2.11 |
| `capabilities.add` with dangerous caps (SYS_ADMIN, NET_ADMIN, ALL) | CRITICAL | CIS 5.2.8 |
| Missing `capabilities.drop: [ALL]` | MEDIUM | CIS 5.2.7 / PSS Restricted |
| Missing resource `requests` and `limits` | MEDIUM | CIS 5.2.13 |
| `image: *:latest` or no tag | MEDIUM | Best practice |
| `imagePullPolicy: Never` with mutable tag | MEDIUM | Best practice |
| Missing `readinessProbe` | LOW | Best practice |
| Missing `livenessProbe` | LOW | Best practice |
| Secrets in `env` values (plaintext) | HIGH | CIS 5.4.1 |
| Missing `seccompProfile` | MEDIUM | CIS 5.7.2 / PSS Restricted |
| Missing `securityContext` entirely | MEDIUM | CIS 5.7.1 |
| `readOnlyRootFilesystem: false` (or missing) | MEDIUM | PSS Restricted |
## Checks: RBAC Level
| Check | Severity | CIS |
|-------|----------|-----|
| ClusterRoleBinding to `cluster-admin` | CRITICAL | CIS 5.1.1 |
| Role/ClusterRole with `verbs: ["*"]` | HIGH | CIS 5.1.3 |
| Role/ClusterRole with `resources: ["*"]` | HIGH | CIS 5.1.3 |
| Role with `secrets` GET/LIST permission | HIGH | CIS 5.1.2 |
| ServiceAccount with `automountServiceAccountToken: true` in non-system namespace | MEDIUM | CIS 5.1.5 |
| Default service account used (no explicit serviceAccountName) | MEDIUM | CIS 5.1.5 |
## Checks: Network Level
| Check | Severity | CIS |
|-------|----------|-----|
| No NetworkPolicy in namespace (detected from file dir) | HIGH | CIS 5.3.2 |
| NetworkPolicy `podSelector: {}` (applies to all pods) without ingress rules | MEDIUM | Best practice |
| Service type `NodePort` without explicit justification comment | LOW | CIS 5.4.2 |
| Service type `LoadBalancer` exposing non-HTTP port | MEDIUM | CIS 5.4.2 |
## Pod Security Standards Classification
Each Pod/Deployment spec is classified against PSS:
| Profile | Description |
|---------|-------------|
| **Privileged** | No restrictions — flag all workloads at this level |
| **Baseline** | No privileged, no host namespaces, no hostPath — minimum for most apps |
| **Restricted** | All of Baseline + non-root, no privilege escalation, seccomp, drop ALL caps |
## Implementation
```python
#!/usr/bin/env python3
"""
phy-k8s-security-audit — CIS Kubernetes Benchmark manifest scanner
Usage: python3 audit_k8s.py [path] [--json] [--ci] [--min-severity HIGH]
Requires: pip install pyyaml (almost always already installed)
"""
import argparse
import json
import os
import re
import sys
from dataclasses import dataclass, field
from pathlib import Path
from typing import Any, Optional
try:
import yaml
HAS_YAML = True
except ImportError:
HAS_YAML = False
print("Warning: PyYAML not found. Install with: pip install pyyaml", file=sys.stderr)
sys.exit(1)
CRITICAL, HIGH, MEDIUM, LOW = "CRITICAL", "HIGH", "MEDIUM", "LOW"
SEV_ORDER = {CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3}
ICONS = {CRITICAL: "🔴", HIGH: "🟠", MEDIUM: "🟡", LOW: "⚪"}
# Capabilities that are effectively root
DANGEROUS_CAPS = {
"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
"ALL", "SYSLOG", "DAC_READ_SEARCH", "LINUX_IMMUTABLE",
"NET_BROADCAST", "IPC_LOCK", "WAKE_ALARM", "BLOCK_SUSPEND",
}
# RBAC verbs that indicate over-permission
SENSITIVE_RBAC_VERBS = {"*", "create", "delete", "deletecollection", "patch", "update"}
SECRET_VERBS = {"get", "list", "watch", "*"}
@dataclass
class Finding:
file: str
resource_kind: str
resource_name: str
check_id: str
severity: str
title: str
detail: str
remediation: str
cis_ref: Optional[str] = None
pss_profile: Optional[str] = None
def get_name(obj: dict) -> str:
return obj.get("metadata", {}).get("name", "<unnamed>")
def get_namespace(obj: dict) -> str:
return obj.get("metadata", {}).get("namespace", "default")
def check_container_security(
container: dict,
file: str,
kind: str,
resource_name: str,
is_init: bool = False,
) -> list[Finding]:
findings = []
sc = container.get("securityContext", {})
cname = container.get("name", "<unnamed>")
label = f"{resource_name}/{cname}" + (" (init)" if is_init else "")
def add(check_id, sev, title, detail, remediation, cis=None, pss=None):
findings.append(Finding(file, kind, label, check_id, sev, title, detail, remediation, cis, pss))
# Privileged container
if sc.get("privileged") is True:
add("C001", CRITICAL, "Privileged container",
f"securityContext.privileged: true — container has full host access",
"Remove privileged: true. Use specific capabilities instead.",
"CIS 5.2.1", "PSS Restricted")
# Privilege escalation
if sc.get("allowPrivilegeEscalation") is True:
add("C002", HIGH, "Privilege escalation allowed",
"allowPrivilegeEscalation: true — setuid binaries can gain root",
"Set allowPrivilegeEscalation: false in securityContext.",
"CIS 5.2.5", "PSS Restricted")
elif "allowPrivilegeEscalation" not in sc:
# Default is true — flag unless privileged is already flagged
if not sc.get("privileged"):
add("C002b", MEDIUM, "allowPrivilegeEscalation not explicitly set (defaults to true)",
"Default allows setuid escalation. Explicitly disable.",
"Add allowPrivilegeEscalation: false to securityContext.",
"CIS 5.2.5")
# Root user
if sc.get("runAsUser") == 0:
add("C003", HIGH, "Container runs as root (runAsUser: 0)",
"Explicitly running as UID 0 — root in container maps to root on host in many configs.",
"Use a non-root UID: runAsUser: 1000 or higher.",
"CIS 5.2.6")
elif not sc.get("runAsNonRoot") and "runAsUser" not in sc:
add("C004", MEDIUM, "runAsNonRoot not enforced",
"Neither runAsNonRoot: true nor a non-zero runAsUser is set.",
"Add runAsNonRoot: true to securityContext.",
"CIS 5.2.6", "PSS Baseline")
# Capabilities
caps = sc.get("capabilities", {})
added_caps = caps.get("add", [])
for cap in added_caps:
if cap.upper() in DANGEROUS_CAPS:
add("C005", CRITICAL, f"Dangerous capability added: {cap}",
f"capabilities.add: [{cap}] grants near-root privileges.",
f"Remove {cap} from capabilities.add. Use least-privilege capabilities only.",
"CIS 5.2.8", "PSS Baseline")
if "drop" not in caps or "ALL" not in [c.upper() for c in caps.get("drop", [])]:
add("C006", MEDIUM, "capabilities.drop: [ALL] missing",
"Not dropping all