Can it detect CVE-2022-0492 style escapes?

Yes, it is specifically designed to identify cgroup-related misconfigurations and abuse patterns that enable CVE-2022-0492 style container escapes.

Can I use this skill to automate security compliance?

Absolutely. It can be integrated into automated workflows to flag or block non-compliant container configurations before they are deployed to production.

Does this skill require specific permissions in my cluster?

Yes, the skill requires read access to Kubernetes pods across namespaces, typically provided via a correctly configured kubeconfig file with appropriate RBAC permissions.

What specific container escape vectors can this skill detect?

It detects privileged mode, CAP_SYS_ADMIN capabilities, host namespace sharing (PID/Network/IPC), Docker socket mounts, and writable hostPath mounts to sensitive directories.

Is this skill safe to run in a production environment?

The skill performs read-only auditing of pod specifications and does not modify resources, making it safe for production auditing, though testing in staging is always recommended.

Container Escape Detection

Name: Container Escape Detection
Author: micsapp

bymicsapp

0•

Security & Testing

Audits Kubernetes environments to identify and prevent container escape vulnerabilities and security misconfigurations.

This skill empowers security engineers and developers to proactively scan Kubernetes clusters for container escape vectors that could lead to host compromise. By leveraging the Kubernetes Python client, it automatically analyzes pod specifications for high-risk configurations such as privileged mode, dangerous Linux capabilities like CAP_SYS_ADMIN, host namespace sharing, and insecure hostPath mounts. It is an essential tool for conducting security audits, incident response, and routine compliance checks to mitigate threats like Docker socket exposure and cgroup-based escape vulnerabilities.

Key Features

01Detection of insecure hostPath mounts and Docker socket exposure

02Analysis of cgroup configurations to prevent CVE-2022-0492 style escapes

03Identification of dangerous Linux capability assignments like CAP_SYS_ADMIN

04Scanning for host namespace sharing across PID, Network, and IPC

050 GitHub stars

06Detection of privileged container execution and full host access

Use Cases

01Investigating potential container breakout attempts during security incident response

02Conducting automated security audits of multi-tenant Kubernetes clusters

03Validating pod security standards and compliance during the deployment phase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-container-escape-detection

For use in Claude.ai and ChatGPT

Key Features

01Detection of insecure hostPath mounts and Docker socket exposure

02Analysis of cgroup configurations to prevent CVE-2022-0492 style escapes

03Identification of dangerous Linux capability assignments like CAP_SYS_ADMIN

04Scanning for host namespace sharing across PID, Network, and IPC

050 GitHub stars

06Detection of privileged container execution and full host access

Use Cases

01Investigating potential container breakout attempts during security incident response

02Conducting automated security audits of multi-tenant Kubernetes clusters

03Validating pod security standards and compliance during the deployment phase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills performing-container-escape-detection

For use in Claude.ai and ChatGPT