detecting-privilege-escalation-in-kubernetes-pods

Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and syscall patterns with Falco and OPA policies.

mukul975/Anthropic-Cybersecurity-Skills|Updated May 25, 2026

Works with

Claude CodeCursorClineWindsurfCodex

Installation Guide

Select your AI agent

How to use detecting-privilege-escalation-in-kubernetes-pods on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your machine
›Node.js 16+ with npm — verify with node --version
›Active project directory where you want to add detecting-privilege-escalation-in-kubernetes-pods

Run the install command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills install mukul975/Anthropic-Cybersecurity-Skills/detecting-privilege-escalation-in-kubernetes-pods

Fetches detecting-privilege-escalation-in-kubernetes-pods from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.

Select Cursor when prompted

The CLI shows a list of agents. Use arrow keys and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ────────────────

│ · Cline · Codex · Goose · Windsurf

│ ●Cursor(selected)

│ · Cursor · Aider · Continue

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/detecting-privilege-escalation-in-kubernetes-pods

Restart Cursor to activate detecting-privilege-escalation-in-kubernetes-pods. Access via /detecting-privilege-escalation-in-kubernetes-pods in your agent's command palette.

⚠

Security Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.

›View source on GitHub ›Skills CLI docs ›About Cursor ›What are agent skills?

Documentation

List & Monetize Your Skill

Submit your Claude Code skill and start earning

Get started →

Use Cases

Task Automation & Efficiency

Automate repetitive workflows and reduce manual effort

Example

Generate reports, summarize documents, draft communications

✓

Save 3-5 hours per week on routine tasks

Knowledge Enhancement

Learn new skills, understand complex topics, get expert guidance

Example

Explain concepts, provide examples, suggest learning resources

✓

Accelerate learning and skill development by 2x

Quality Improvement

Enhance output quality through reviews, suggestions, and refinements

Example

Review drafts, suggest improvements, catch errors

✓

Improve work quality by 30-40% with less effort

name	detecting-privilege-escalation-in-kubernetes-pods
description	Detect and prevent privilege escalation in Kubernetes pods by monitoring security contexts, capabilities, and syscall patterns with Falco and OPA policies.
domain	cybersecurity
subdomain	container-security
tags	- kubernetes - privilege-escalation - security-context - capabilities - detection - pod-security
version	'1.0'
author	mahipal
license	Apache-2.0
d3fend_techniques	- Executable Denylisting - Execution Isolation - File Metadata Consistency Validation - Restore Access - Password Authentication
nist_csf	- PR.PS-01 - PR.IR-01 - ID.AM-08 - DE.CM-01

Vector	Risk	Detection Method
privileged: true	Full host access	Admission control + audit
hostPID: true	Access host processes	Admission control
hostNetwork: true	Access host network stack	Admission control
hostPath volumes	Read/write host filesystem	Admission control
SYS_ADMIN capability	Near-privileged access	Admission + runtime
allowPrivilegeEscalation: true	setuid/setgid exploitation	Admission control
runAsUser: 0	Container root	Admission control
automountServiceAccountToken	Token theft for API access	Admission control
Writable /proc or /sys	Kernel parameter manipulation	Runtime monitoring

detecting-privilege-escalation-in-kubernetes-pods

Installation Guide

How to use detecting-privilege-escalation-in-kubernetes-pods on Cursor

Prerequisites

Run the install command

Select Cursor when prompted

Verify installation

Security Notice

Documentation

List & Monetize Your Skill

Use Cases

Task Automation & Efficiency

Knowledge Enhancement

Quality Improvement

Install Skill

Detecting Privilege Escalation in Kubernetes Pods

Overview

When to Use

Prerequisites

Privilege Escalation Vectors in Kubernetes

Detection with Admission Control

Pod Security Admission (Built-in)

OPA Gatekeeper Policies

Runtime Detection with Falco

Kubernetes Audit Log Detection

Query Audit Logs for Privilege Escalation

Investigation Playbook

Best Practices

Implementation Guide

Best Practices

When to Use This

Learning Path

Related Skills

detecting-rootkit-activity

performing-cryptographic-audit-of-application

implementing-soar-playbook-with-palo-alto-xsoar

exploiting-deeplink-vulnerabilities

generating-threat-intelligence-reports

analyzing-network-traffic-with-wireshark

Reviews

Discussion