Registry/MCP Server Kubernetes

MCP Server Kubernetes

v0.3.0

Verified

Kubernetes cluster management for MCP. WARNING: Over-permissive default RBAC allows cluster-wide access including secrets.

By CommunityApache-2.0

developer tools

1.6Kstars

38.0Kdownloads

210forks

Scanned Feb 8, 2026

Website NPM

kubernetes k8s devops insecure

D35%

Scanned 3w ago

Poor Security

Vulnerabilities Found

2Crit

3High

3Med

3Low

4Info

Security ScoreD

out of 100

Vulnerabilities Found

Crit

High

Medi

Low

Info

Last scanned: 2/8/2026

Quality ScoreD

out of 100

Maint.

Popular

Docs

Compat

Maintenance60%

Popularity62%

Documentation65%

Compatibility60%

Maintenance60

Active

2 days ago

Commit Frequency59%

Release Frequency51%

Issue Response58%

Popularity62

1.6K

Stars

38.0K

Downloads

210

Forks

Stars Score57%

Downloads Score69%

Forks Score60%

Documentation65

README Quality83%

Available Documentation

API DocsExamplesChangelog

Compatibility60

MCP Spec Compliance65%

Transport Support50%

Features

TypeScript

Supported Transports

STDIO

Vulnerabilities(15)

2Critical

3High

3Medium

3Low

4Info

Filter:

READMEMCP Server Kubernetes

MCP Server Kubernetes

⚠️ SECURITY CONCERN: OVER-PERMISSIVE RBAC ⚠️

Issue

The default RBAC configuration grants cluster-admin level permissions, including:

Full access to all secrets
Ability to create/delete pods in any namespace
Access to service accounts

Risk

If an AI assistant is compromised or manipulated, it could:

Exfiltrate secrets (API keys, passwords)
Deploy malicious containers
Disrupt cluster operations

Recommendation

Create a restricted ServiceAccount
Use namespace-scoped roles
Deny access to secrets by default
Enable audit logging

Current Status

Maintainers have been notified but have not updated default configuration.

Embed Security Badge

Add this badge to your README or documentation

Badge Type

Style

[![MCP Server Kubernetes MCPSafe Security](https://api.mcpsafe.org
/api/badge/mcp-server-kubernetes-insecure.svg)](https://mcpsafe.org/registry/mcp-server-kubernetes-insecure)

Need more customization options?Badge Documentation

Server Information

Source: NPM
Package: mcp-server-kubernetes
Version: 0.3.0
Language: go
License: Apache-2.0
Transport: STDIO
Added: Jan 20, 2026
Updated: Feb 8, 2026

Actions

Compare with other servers Request rescan

MCP Server Kubernetes

Security ScoreD

Vulnerabilities Found

Quality ScoreD

Maintenance60

Popularity62

Documentation65

Available Documentation

Compatibility60

Features

Supported Transports

Vulnerabilities(15)

Remote Code Execution via eval()

SQL Injection in Query Builder

Path Traversal Vulnerability

Hardcoded API Credentials

Prototype Pollution

Insecure Random Number Generation

Missing Input Validation in MCP Tool

Excessive Permission Request

Missing Rate Limiting

Verbose Error Messages

Outdated Dependency

Missing Security Headers

Console Logging in Production

Missing TypeScript Strict Mode

Missing Documentation

READMEMCP Server Kubernetes

MCP Server Kubernetes

Issue

Risk

Recommendation

Current Status

Embed Security Badge

Server Information

Actions