kubectl-ro

MCP Tool

soyvural/kubectl-ro

Read-only Kubernetes access for AI agents and humans. kubectl wrapper + MCP server that blocks mutations and redacts secrets.

Install

$ npx loaditout add soyvural/kubectl-ro

Platform-specific configuration:

.claude/settings.json

{
  "mcpServers": {
    "kubectl-ro": {
      "command": "npx",
      "args": [
        "-y",
        "kubectl-ro"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

kubectl-ro

[](https://github.com/soyvural/kubectl-ro/actions/workflows/ci.yaml) [](https://go.dev) [](LICENSE) [](https://pkg.go.dev/github.com/soyvural/kubectl-ro) [](https://modelcontextprotocol.io) [](https://kubernetes.io) [](https://goreportcard.com/report/github.com/soyvural/kubectl-ro)

Read-only Kubernetes access for AI agents and humans.

When you let an LLM explore your cluster, you don't want it running kubectl delete or leaking your secrets. kubectl-ro prevents that.

Build

git clone https://github.com/soyvural/kubectl-ro.git
cd kubectl-ro
go build -o kubectl-ro .

Or install directly:

go install github.com/soyvural/kubectl-ro@latest

Run

1. As a kubectl wrapper

# allowed
kubectl-ro get pods -n kube-system
kubectl-ro logs deployment/my-app --tail=100
kubectl-ro describe svc my-service

# blocked
kubectl-ro delete pod nginx          # BLOCKED: 'delete' is a mutating command
kubectl-ro get secret -o yaml        # BLOCKED: would expose secret values
kubectl-ro exec -it pod -- bash      # BLOCKED: 'exec' is a mutating command

2. As an MCP server for AI

Start the server:

kubectl-ro serve

Or add to Claude Code settings (`.claude/

Reviews

Loading reviews...

Quality Signals

Installs

Last updated20 days ago

Security: AREADME

Safety

Risk Levelmedium

Data Access

read

Network Accessnone

Details

Sourcegithub-crawl

Last commit3/29/2026

View on GitHub→

Embed Badge

[![Loaditout](https://loaditout.ai/api/badge/soyvural/kubectl-ro)](https://loaditout.ai/skills/soyvural/kubectl-ro)

kubectl-ro

MCP Tool

soyvural/kubectl-ro

Read-only Kubernetes access for AI agents and humans. kubectl wrapper + MCP server that blocks mutations and redacts secrets.

Install

$ npx loaditout add soyvural/kubectl-ro

Platform-specific configuration:

.claude/settings.json

{
  "mcpServers": {
    "kubectl-ro": {
      "command": "npx",
      "args": [
        "-y",
        "kubectl-ro"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

kubectl-ro

Read-only Kubernetes access for AI agents and humans.

When you let an LLM explore your cluster, you don't want it running kubectl delete or leaking your secrets. kubectl-ro prevents that.

Build

git clone https://github.com/soyvural/kubectl-ro.git
cd kubectl-ro
go build -o kubectl-ro .

Or install directly:

go install github.com/soyvural/kubectl-ro@latest

Run

1. As a kubectl wrapper

# allowed
kubectl-ro get pods -n kube-system
kubectl-ro logs deployment/my-app --tail=100
kubectl-ro describe svc my-service

# blocked
kubectl-ro delete pod nginx          # BLOCKED: 'delete' is a mutating command
kubectl-ro get secret -o yaml        # BLOCKED: would expose secret values
kubectl-ro exec -it pod -- bash      # BLOCKED: 'exec' is a mutating command

2. As an MCP server for AI

Start the server:

kubectl-ro serve

Or add to Claude Code settings (`.claude/

Reviews

Loading reviews...

Quality Signals

Installs

Last updated20 days ago

Security: AREADME

Safety

Risk Levelmedium

Data Access

read

Network Accessnone

Details

Sourcegithub-crawl

Last commit3/29/2026

View on GitHub→

Embed Badge

[![Loaditout](https://loaditout.ai/api/badge/soyvural/kubectl-ro)](https://loaditout.ai/skills/soyvural/kubectl-ro)

kubectl-ro

Install

About

Tags

Reviews

Quality Signals

Safety

Details

Embed Badge

kubectl-ro

Install

About

Tags

Reviews

Quality Signals

Safety

Details

Embed Badge