What is a container escape?

A container escape is a security vulnerability where a process or attacker inside a container successfully breaks out of the isolation layer to gain access to the underlying host system.

How does this skill detect escapes?

It scans Kubernetes pod specifications for known misconfigurations like privileged mode, hostPath mounts, Docker socket exposure, and dangerous Linux capabilities like CAP_SYS_ADMIN.

Does this skill require special permissions?

Yes, the skill requires valid kubeconfig access to the cluster and appropriate RBAC permissions to list and inspect pods across namespaces.

Can it detect specific CVEs?

Yes, it is specifically designed to identify patterns used in exploits like CVE-2022-0492 regarding cgroup abuse and other common breakout techniques.

Is this skill compatible with GitHub Copilot or Cursor?

Yes, while formatted for Claude Code, the logic uses standard Python Kubernetes libraries compatible with most major AI coding assistants and CLI tools.

Container Escape Detection

Name: Container Escape Detection
Author: mukul975

bymukul975

•

4,121

•

Seguridad y Pruebas

Identifies and audits Kubernetes container escape vulnerabilities by analyzing namespace configurations, privileged settings, and dangerous host mounts.

This skill provides specialized cybersecurity auditing capabilities for Kubernetes environments, focusing on the identification of container escape vectors. It automates the detection of misconfigurations such as privileged mode, dangerous capability assignments (like CAP_SYS_ADMIN), host namespace sharing, and insecure hostPath mounts that could allow an attacker to gain host-level access. By leveraging the kubernetes Python client, it helps security professionals and developers validate security postures, perform incident response, and ensure compliance with frameworks like NIST CSF and MITRE ATT&CK.

Características Principales

01Identification of insecure hostPath mounts and Docker socket exposure

02Detection of dangerous Linux capability assignments

03CVE-2022-0492 style escape detection via cgroup abuse

04Namespace sharing analysis for PID, Network, and IPC

05Automated auditing of privileged container flags

064,121 GitHub stars

Casos de Uso

01Validating container isolation controls during incident response

02Performing scheduled compliance audits against security frameworks

03Conducting automated security assessments of Kubernetes clusters

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-container-escape-detection

For use in Claude.ai and ChatGPT

Características Principales

01Identification of insecure hostPath mounts and Docker socket exposure

02Detection of dangerous Linux capability assignments

03CVE-2022-0492 style escape detection via cgroup abuse

04Namespace sharing analysis for PID, Network, and IPC

05Automated auditing of privileged container flags

064,121 GitHub stars

Casos de Uso

01Validating container isolation controls during incident response

02Performing scheduled compliance audits against security frameworks

03Conducting automated security assessments of Kubernetes clusters

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-container-escape-detection

For use in Claude.ai and ChatGPT