devspace

Provides guidance for using DevSpace to automate Kubernetes application development, deployment, and management.

Install this skill

or

0/100

Security score

The devspace skill was audited on Feb 9, 2026 and we found 39 security issues across 2 threat categories, including 8 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 168

Template literal with variable interpolation in command context

SourceSKILL.md

168

```yaml

medium line 249

Template literal with variable interpolation in command context

SourceSKILL.md

249

```yaml

high line 267

Template literal with variable interpolation in command context

SourceSKILL.md

267	- `${runtime.images.IMAGE_NAME.image}` - Full image name with tag

high line 268

Template literal with variable interpolation in command context

SourceSKILL.md

268	- `${runtime.images.IMAGE_NAME.tag}` - Just the tag

high line 269

Template literal with variable interpolation in command context

SourceSKILL.md

269	- `${runtime.images.IMAGE_NAME.imageName}` - Just the image name (no tag)

high line 316

Template literal with variable interpolation in command context

SourceSKILL.md

316	- `${DEVSPACE_NAMESPACE}` - Current namespace

high line 317

Template literal with variable interpolation in command context

SourceSKILL.md

317	- `${DEVSPACE_CONTEXT}` - Current kube context

high line 318

Template literal with variable interpolation in command context

SourceSKILL.md

318	- `${DEVSPACE_PROFILE}` - Active profile name

high line 319

Template literal with variable interpolation in command context

SourceSKILL.md

319	- `${DEVSPACE_RANDOM}` - Random 6-char string

high line 320

Template literal with variable interpolation in command context

SourceSKILL.md

320	- `${DEVSPACE_TIMESTAMP}` - Current UNIX timestamp

medium line 370

Template literal with variable interpolation in command context

SourceSKILL.md

370

```yaml

medium line 409

Template literal with variable interpolation in command context

SourceSKILL.md

409

```yaml

medium line 442

Template literal with variable interpolation in command context

SourceSKILL.md

442

```yaml

medium line 487

Template literal with variable interpolation in command context

SourceSKILL.md

487

```yaml

medium line 556

Template literal with variable interpolation in command context

SourceSKILL.md

556

```yaml

medium line 673

Template literal with variable interpolation in command context

SourceSKILL.md

673

```yaml

medium line 679

Template literal with variable interpolation in command context

SourceSKILL.md

679

```yaml

medium line 709

Template literal with variable interpolation in command context

SourceSKILL.md

709

```yaml

medium line 814

Template literal with variable interpolation in command context

SourceSKILL.md

814

```bash

medium line 849

Template literal with variable interpolation in command context

SourceSKILL.md

849

```yaml

medium line 859

Template literal with variable interpolation in command context

SourceSKILL.md

859

```bash

low line 375

Access to hidden dotfiles in home directory

SourceSKILL.md

375	if [ -f ~/.config/app/config.json ]; then

low line 376

Access to hidden dotfiles in home directory

SourceSKILL.md

376	echo ~/.config/app/config.json

medium line 517

Access to hidden dotfiles in home directory

SourceSKILL.md

517	- Example: Mounting `credentials.json` into `~/.app/` fails if the app creates `~/.app/cache/` or other files

low line 578

Access to hidden dotfiles in home directory

SourceSKILL.md

578	mkdir -p ~/.app

low line 581

Access to hidden dotfiles in home directory

SourceSKILL.md

581	ln -sf /tmp/secrets/credentials.json ~/.app/credentials.json

low line 602

Access to hidden dotfiles in home directory

SourceSKILL.md

602	mkdir -p ~/.app ~/.config/app

low line 605

Access to hidden dotfiles in home directory

SourceSKILL.md

605	ln -sf /tmp/secrets/credentials.json ~/.app/credentials.json

low line 606

Access to hidden dotfiles in home directory

SourceSKILL.md

606	ln -sf /tmp/secrets/api-key.txt ~/.config/app/api-key.txt

low line 607

Access to hidden dotfiles in home directory

SourceSKILL.md

607	ln -sf /tmp/secrets/client-secret.json ~/.app/client-secret.json

low line 610

Access to hidden dotfiles in home directory

SourceSKILL.md

610	chmod 600 ~/.app/credentials.json

low line 640

Access to hidden dotfiles in home directory

SourceSKILL.md

640	subPath: credentials.json # Fails if app writes to ~/.app/

low line 649

Access to hidden dotfiles in home directory

SourceSKILL.md

649	ln -sf /tmp/secrets/credentials.json ~/.app/credentials.json

low line 695

Access to hidden dotfiles in home directory

SourceSKILL.md

695	ls -la ~/.app/

low line 696

Access to hidden dotfiles in home directory

SourceSKILL.md

696	cat ~/.app/credentials.json

low line 702

Access to hidden dotfiles in home directory

SourceSKILL.md

702	ln -sf /tmp/secrets/credentials.json ~/.app/credentials.json

medium line 485

Access to .env file

SourceSKILL.md

485	### Dynamic Secret Detection from .env

low line 492

Access to .env file

SourceSKILL.md

492	if [ -f .env ]; then

low line 493

Access to .env file

SourceSKILL.md

493	cat .env \| grep -v '^#' \| grep -v '^$' \| \

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw devops backend devops-sre backend-developer data-engineer kubernetes docker development

majiayu000/claude-skill-registry