Kubernetes Manifest Audit

Name: Kubernetes Manifest Audit
Author: UnbearableDev

UnbearableDev/k8s-manifest-audit

Run kube-linter-style audits on Kubernetes YAML from your agent before you deploy or merge manifest changes.

Overview

Kubernetes Manifest Audit is a MCP server for the Ship phase that kube-linter-audits Kubernetes manifests across 63 security, availability, RBAC, and network checks.

What is this MCP server?

63 kube-linter checks across security, availability, RBAC, and network
Remote MCP over streamable HTTP on Apify (Bearer token auth)
Targets solo builders shipping workloads to Kubernetes without a dedicated platform team
Surfaces misconfigurations agents can fix in-repo before apply
63 kube-linter checks (security, availability, RBAC, network)
Remote MCP v1.0.0 on Apify actor endpoint

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You ship to Kubernetes but lack time to manually verify every manifest for RBAC leaks, missing probes, and insecure pod defaults.

Who is it for?

Solo builders shipping containerized SaaS or APIs to Kubernetes who want agent-driven manifest review in the security gate before deploy.

Skip if: Teams that only use managed PaaS with no raw manifests, or builders who need live cluster penetration testing instead of static YAML audit.

What do I get? / Deliverables

Your agent returns actionable kube-linter findings on pasted or referenced YAML so you fix manifests before they reach the cluster.

Structured findings from 63 manifest checks
Agent-ready remediation hints on failed linter rules
Pre-deploy security and availability pass/fail signal

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Manifest hardening belongs in the ship phase when you are locking down cluster config ahead of production rollout. Security subphase fits a linter focused on RBAC, network policy, and availability guardrails rather than runtime monitoring.

How it compares

Static manifest audit via MCP, not an in-cluster security scanner or a generic DevOps chat skill.

Common Questions / FAQ

Who is Kubernetes Manifest Audit for?

Indie and small-team builders who edit Kubernetes YAML or Helm templates and want their coding agent to enforce kube-linter rules before merge or deploy.

When should I use Kubernetes Manifest Audit?

Use it during ship/security review whenever manifests change—Deployments, Services, RBAC, NetworkPolicies—or when an agent generates K8s config you have not validated yet.

How do I add Kubernetes Manifest Audit to my agent?

Register the streamable-http remote MCP URL from the server manifest, set Authorization to Bearer plus your Apify token from console.apify.com account integrations, then invoke audit tools against your manifest content.

Kubernetes Manifest Audit

UnbearableDev/k8s-manifest-audit

Run kube-linter-style audits on Kubernetes YAML from your agent before you deploy or merge manifest changes.

Overview

Kubernetes Manifest Audit is a MCP server for the Ship phase that kube-linter-audits Kubernetes manifests across 63 security, availability, RBAC, and network checks.

What is this MCP server?

63 kube-linter checks across security, availability, RBAC, and network
Remote MCP over streamable HTTP on Apify (Bearer token auth)
Targets solo builders shipping workloads to Kubernetes without a dedicated platform team
Surfaces misconfigurations agents can fix in-repo before apply
63 kube-linter checks (security, availability, RBAC, network)
Remote MCP v1.0.0 on Apify actor endpoint

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You ship to Kubernetes but lack time to manually verify every manifest for RBAC leaks, missing probes, and insecure pod defaults.

Who is it for?

Solo builders shipping containerized SaaS or APIs to Kubernetes who want agent-driven manifest review in the security gate before deploy.

Skip if: Teams that only use managed PaaS with no raw manifests, or builders who need live cluster penetration testing instead of static YAML audit.

What do I get? / Deliverables

Your agent returns actionable kube-linter findings on pasted or referenced YAML so you fix manifests before they reach the cluster.

Structured findings from 63 manifest checks
Agent-ready remediation hints on failed linter rules
Pre-deploy security and availability pass/fail signal

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Static manifest audit via MCP, not an in-cluster security scanner or a generic DevOps chat skill.

Common Questions / FAQ

Who is Kubernetes Manifest Audit for?

Indie and small-team builders who edit Kubernetes YAML or Helm templates and want their coding agent to enforce kube-linter rules before merge or deploy.

When should I use Kubernetes Manifest Audit?

Use it during ship/security review whenever manifests change—Deployments, Services, RBAC, NetworkPolicies—or when an agent generates K8s config you have not validated yet.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Kubernetes Manifest Audit for?

When should I use Kubernetes Manifest Audit?

How do I add Kubernetes Manifest Audit to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Kubernetes Manifest Audit for?

When should I use Kubernetes Manifest Audit?

How do I add Kubernetes Manifest Audit to my agent?