AI-Driven Workflows

Network traffic is the richest source of information in a Kubernetes cluster, but raw packet data is too large and too expensive in tokens for AI agents to process.

Kubeshark indexes, structures, and enriches network data with full Kubernetes context, then exposes it to AI agents via MCP. AI agents can slice and dice cluster-wide traffic at a reasonable token cost — powering incident response and root cause analysis workflows capable of processing 10x the traffic in 1/10th the time.


AI Agent New Skills

Through MCP, AI agents get tools to:

  • Query L4 flows and L7 API calls cluster-wide
  • Create snapshots from any point in time
  • Trigger indexing to turn captured traffic into queryable records
  • Filter by service, endpoint, status code, latency, or any Kubernetes identity
  • Drill into specific API calls for full request/response payloads
  • Export filtered PCAPs for archival or Wireshark analysis
  • Access TCP Expert Insights — retransmissions, RTT, jitter, connection lifecycle

Example Prompts

“The checkout flow failed at 2:15 PM. Find all API calls to payment services and identify what went wrong.”

“Find API calls without Authorization headers that should have them.”

“Show TCP flows with handshake times over 10ms. Which connections have network latency?”

“Export traffic to payment-gateway between 3-4 PM yesterday for the security team.”


Works With Your Tools

Tool | Use Case
Claude Desktop | Interactive troubleshooting
Claude Code | Terminal-based debugging
Cursor | AI coding with network feedback
VS Code + Continue | IDE-integrated analysis

Get Started

claude mcp add kubeshark -- kubeshark mcp

AI Skills

AI Skills are open-source, reusable instructions that teach AI agents how to use Kubeshark’s MCP tools for specific workflows. Skills follow the open Agent Skills format and work with Claude Code, OpenAI Codex CLI, Gemini CLI, Cursor, and other compatible agents.

Skill | Description
network-rca | Network Root Cause Analysis — retrospective traffic analysis via snapshots, with PCAP export (for Wireshark/compliance) and delayed indexing (for AI-driven API-level investigation)
kfl | KFL2 (Kubeshark Filter Language) expert — complete reference for writing, debugging, and optimizing traffic filters across all supported protocols

Planned skills:

  • api-security — OWASP API Top 10 assessment against live or snapshot traffic
  • incident-response — 7-phase forensic incident investigation methodology
  • network-engineering — Real-time traffic analysis, latency debugging, dependency mapping

More skills coming soon. See the skills repository for installation instructions and contributing guidelines.



What’s Next