Skillshub coreweave-security-basics
install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/jeremylongshore/claude-code-plugins-plus-skills/coreweave-security-basics" ~/.claude/skills/comeonoliver-skillshub-coreweave-security-basics && rm -rf "$T"
manifest:
skills/jeremylongshore/claude-code-plugins-plus-skills/coreweave-security-basics/SKILL.md
CoreWeave Security Basics
Instructions
Secrets for Model Access
```bash
# HuggingFace token
kubectl create secret generic hf-token --from-literal=token="${HF_TOKEN}"

# Container registry credentials
kubectl create secret docker-registry regcred \
  --docker-server=ghcr.io \
  --docker-username="$USER" \
  --docker-password="$TOKEN"
```
Network Policy for Inference Pods
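```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: inference-isolation
spec:
  podSelector:
    matchLabels:
      app: inference-server
  policyTypes: [Ingress, Egress]
  ingress:
    # Only pods labelled role: api-gateway may reach the inference port
    - from:
        - podSelector:
            matchLabels:
              role: api-gateway
      ports:
        - port: 8080
  egress:
    # Any destination, port 443 only (model downloads).
    # DNS (port 53) is not covered by this rule; pods that resolve
    # hostnames need a separate egress rule for it.
    - to: []
      ports:
        - port: 443
```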
Security Checklist
- Kubeconfig stored securely, not in repos
- Secrets used for model tokens (not env vars in YAML)
- Network policies restrict inference endpoint access
- RBAC limits namespace access per team
- Container images scanned for CVEs
- PVCs encrypted at rest
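
How a workload consumes the `hf-token` and `regcred` secrets created above, with the literal-token form the checklist warns against shown commented out beside the `secretKeyRef` form. This is an added example, not part of the original skill; the Deployment name, container name, image path and the `HF_TOKEN` variable name are assumptions.

```yaml
# Added example. Assumed names: Deployment "inference-server",
# container "server", the image path, and env var HF_TOKEN.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: inference-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: inference-server
  template:
    metadata:
      labels:
        app: inference-server   # selected by the inference-isolation NetworkPolicy
    spec:
      imagePullSecrets:
        - name: regcred         # docker-registry secret for ghcr.io
      containers:
        - name: server
          image: ghcr.io/example-org/inference-server:1.0.0   # placeholder image
          ports:
            - containerPort: 8080   # the port opened to role: api-gateway pods
          env:
            # Weak: a literal value is committed with the manifest and is
            # readable by anyone who can `kubectl get deployment -o yaml`.
            # - name: HF_TOKEN
            #   value: "<token pasted here>"
            #
            # Corrected: the manifest only names the Secret and key; the
            # value is resolved by the kubelet when the container starts.
            - name: HF_TOKEN
              valueFrom:
                secretKeyRef:
                  name: hf-token
                  key: token
```

Reading the Secret still requires `get` on secrets in the namespace, so the RBAC item in the checklist decides who can recover the token.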
Next Steps
For production readiness, see coreweave-prod-checklist.