investigate-container

Official

Trace images, exposure, and stale nodes.

Authorsubimagesec
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Investigate where container images run, what a Kubernetes or EKS cluster exposes to the internet, and why cluster node counts can look incorrect in SubImage.

Core Features & Use Cases

  • Image provenance: Trace an image from digest or tag to its registry repository, running workloads, source repository, and known vulnerabilities.
  • Cluster exposure auditing: Review internet-facing services, ingress resources, public-IP backing nodes, and all objects flagged as exposed to the internet.
  • Node reconciliation: Separate running EC2 instances from terminated or stopped instances that still appear linked to an EKS cluster.
  • Use case: Ask where a specific image runs, audit the attack surface of cluster X, or explain why an EKS node count is inflated.

Quick Start

Use the investigate-container skill to trace an image, audit a cluster’s exposure, or reconcile EKS node counts from the details you provide.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: investigate-container
Download link: https://github.com/subimagesec/skills/archive/main.zip#investigate-container

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 545,000+ vetted skills library on demand.