Anthropic-Cybersecurity-Skills/skills/auditing-kubernetes-cluster-rbac/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

# API Reference: Auditing Kubernetes Cluster RBAC

## kubernetes (Python Client)

### Configuration

```python
from kubernetes import client, config

config.load_kube_config()  # From ~/.kube/config
# or
config.load_incluster_config()  # Inside a pod
```

### List ClusterRoles

```python
rbac = client.RbacAuthorizationV1Api()
roles = rbac.list_cluster_role()
for role in roles.items:
    print(role.metadata.name)
    for rule in role.rules or []:
        print(f"  verbs={rule.verbs} resources={rule.resources}")
```

### List ClusterRoleBindings

```python
bindings = rbac.list_cluster_role_binding()
for b in bindings.items:
    print(b.metadata.name, "->", b.role_ref.name)
    for s in b.subjects or []:
        print(f"  {s.kind}: {s.name}")
```

### List Pods (Security Context)

```python
v1 = client.CoreV1Api()
pods = v1.list_pod_for_all_namespaces()
for pod in pods.items:
    for c in pod.spec.containers:
        sc = c.security_context
        if sc and sc.privileged:
            print(f"PRIVILEGED: {pod.metadata.namespace}/{pod.metadata.name}")
```

## Key RBAC Resources

| Resource | API | Description |
|---|---|---|
| ClusterRole | `rbac.list_cluster_role()` | Cluster-wide permission definitions |
| ClusterRoleBinding | `rbac.list_cluster_role_binding()` | Binds roles to subjects cluster-wide |
| Role | `rbac.list_namespaced_role(ns)` | Namespace-scoped permissions |
| RoleBinding | `rbac.list_namespaced_role_binding(ns)` | Namespace-scoped binding |
| ServiceAccount | `v1.list_service_account_for_all_namespaces()` | Pod identities |

## Dangerous RBAC Patterns to Detect

| Pattern | Risk |
|---|---|
| `verbs: ["*"], resources: ["*"]` | Equivalent to cluster-admin |
| `resources: ["secrets"], verbs: ["get"]` | Can read all secrets |
| `resources: ["pods/exec"]` | Can exec into containers |
| `subjects: system:authenticated` | All users get this role |
| `automountServiceAccountToken: true` | Token available in pod |
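The check below is an added example, not part of this reference or the skill's own agent: it resolves each ClusterRoleBinding to its ClusterRole and flags the rule and subject patterns listed in the table. It works on plain dicts in the JSON shape of `kubectl get clusterroles -o json` / `kubectl get clusterrolebindings -o json`, and the `SAMPLE_ROLES` / `SAMPLE_BINDINGS` objects are constructed here so it runs offline.

```python
# Constructed sample objects in the JSON shape of
# `kubectl get clusterroles -o json` / `kubectl get clusterrolebindings -o json`.
SAMPLE_ROLES = [
    {"metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"metadata": {"name": "pod-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]
SAMPLE_BINDINGS = [
    {"metadata": {"name": "everyone-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "ci-secrets"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
    {"metadata": {"name": "dev-view"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-viewer"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]

def rule_findings(rule):
    """Return the names of the dangerous patterns one PolicyRule matches."""
    verbs = set(rule.get("verbs") or [])
    resources = set(rule.get("resources") or [])
    found = []
    if "*" in verbs and "*" in resources:
        found.append("wildcard (cluster-admin equivalent)")
    if "secrets" in resources and verbs & {"get", "list", "*"}:
        found.append("secrets read")
    if "pods/exec" in resources:
        found.append("pods/exec")
    return found

def audit_rbac(roles, bindings):
    """Resolve each ClusterRoleBinding to its ClusterRole; report risky grants."""
    roles_by_name = {r["metadata"]["name"]: r for r in roles}
    report = []
    for b in bindings:
        role = roles_by_name.get(b["roleRef"]["name"], {})  # missing role -> no rules
        findings = [f for rule in role.get("rules") or [] for f in rule_findings(rule)]
        subjects = b.get("subjects") or []
        if any(s["name"] == "system:authenticated" for s in subjects):
            findings.append("bound to system:authenticated")
        if findings:
            report.append({"binding": b["metadata"]["name"],
                           "role": b["roleRef"]["name"],
                           "subjects": [f'{s["kind"]}/{s["name"]}' for s in subjects],
                           "findings": findings})
    return report
```

Against a live cluster, pass the `["items"]` lists from the two `kubectl ... -o json` outputs to `audit_rbac`; bindings whose role has no flagged rule and no broad subject are omitted from the report.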

## References