Helm Chart Security Doctor

Audit a Helm chart for insecure defaults before you deploy to Kubernetes.

Install
cmdop skills install agensi-helm-chart-security-doctor

What it does

Helm Chart Security Doctor is a specialized security auditor designed to catch dangerous defaults and misconfigurations in Helm charts before they hit your cluster. It performs deep static analysis on Chart.yaml, values files, and template definitions to identify risks like privileged containers, missing resource limits, and exposed secrets.

Why use this skill

Manually auditing YAML templates is error-prone and time-consuming. This skill automates the detection of common Kubernetes security pitfalls that lead to pod breakouts or resource exhaustion. It’s better than standard prompting because it uses a structured heuristic-based scanner and a comprehensive audit checklist specifically built for Helm, ensuring consistent results without the hallucinations often found in generic LLM security advice.

What it supports

  • Standard Helm chart structures (v2/v3).
  • Detection of host namespace leaks (PID, IPC, Network).
  • Identification of insecure container security contexts (root users, writable filesystems).
  • Scanning for sensitive data leakage in values.yaml.
  • Verification of NetworkPolicy presence and Service type safety.

The Output

You receive a professional audit report categorized by severity. Each finding includes the specific rule violated, the file and line number involved, and clear remediation steps to bring your chart up to production-grade security standards.