helm-chart-linter

Lint and validate Helm charts for structure, security, dependencies, and best practices. Use when asked to lint, validate, check, or audit Helm charts, verify Chart.yaml, values.yaml, templates, or ensure Helm chart quality. Triggers on "lint helm", "validate chart", "check helm chart", "helm best practices".

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "helm-chart-linter" with this command: npx skills add charlie-morrison/helm-chart-linter

Helm Chart Linter

A pure Python 3 (stdlib only) linter and validator for Helm chart directories. Checks structure, security, dependencies, and best practices across 22 rules.

Commands

python3 scripts/helm_chart_linter.py <command> <chart-dir> [options]
CommandDescription
lintLint chart structure and best practices (all rules)
securityRun security-focused checks only
dependenciesValidate Chart.yaml/Chart.lock dependencies
validateFull validation: structure + security + dependencies

Options

OptionDescription
--format text|json|markdownOutput format (default: text)
--strictExit 1 on warnings as well as errors (CI mode)

Examples

# Basic lint
python3 scripts/helm_chart_linter.py lint ./my-chart

# Full validation with JSON output
python3 scripts/helm_chart_linter.py validate ./my-chart --format json

# Security audit, strict mode for CI
python3 scripts/helm_chart_linter.py security ./my-chart --strict

# Dependency check with Markdown report
python3 scripts/helm_chart_linter.py dependencies ./my-chart --format markdown

Rules

Structure (6 rules)

  1. CHART001 — Chart.yaml exists and has required fields (apiVersion, name, version, description)
  2. CHART002 — Version is valid semver
  3. CHART003 — values.yaml exists
  4. CHART004 — templates/ directory exists
  5. CHART005 — NOTES.txt exists in templates/ (warning)
  6. CHART006 — .helmignore exists (warning)

Security (6 rules)

  1. SEC001 — No hardcoded secrets in values.yaml (passwords, tokens, keys)
  2. SEC002 — No privileged containers (securityContext.privileged: true)
  3. SEC003 — No hostNetwork, hostPID, or hostIPC enabled
  4. SEC004 — Resource limits defined in templates
  5. SEC005 — No runAsRoot without explicit runAsNonRoot
  6. SEC006 — Image tags not "latest"

Dependencies (4 rules)

  1. DEP001 — Chart.lock present and matches Chart.yaml dependencies
  2. DEP002 — No wildcard version constraints
  3. DEP003 — Repository URLs use HTTPS
  4. DEP004 — No duplicate dependency names

Best Practices (6 rules)

  1. BP001 — Labels include app.kubernetes.io/name, version, managed-by
  2. BP002 — Liveness and readiness probes defined
  3. BP003 — Service account name configured
  4. BP004 — Namespace not hardcoded in templates
  5. BP005 — No deprecated API versions (extensions/v1beta1, apps/v1beta1, etc.)
  6. BP006 — Values documented with comments

Exit Codes

CodeMeaning
0No issues (or only warnings in normal mode)
1Errors found (or warnings found in --strict)
2Script/usage error

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

agent-bom vulnerability intel

Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit...

Registry SourceRecently Updated
580msaad00
Security

agent-bom runtime

AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the u...

Registry SourceRecently Updated
8210msaad00
Security

agent-bom registry

MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch...

Registry SourceRecently Updated
8060msaad00
Security

agent-bom scan

Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container...

Registry SourceRecently Updated
8020msaad00