ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Active Directory Hardening

Enterprise-grade API for generating optimized Active Directory security configuration files with hardening best practices.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 26 · 0 current installs · 0 all-time installs
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be an 'enterprise-grade API' that generates Active Directory hardening configurations and the SKILL.md/openapi.json describe endpoints and request/response shapes that align with that purpose. However, the package includes no server base URL, no authentication details, and no install/runtime that actually implements a client or server — so the 'API' is only a spec/documentation. The existence of pricing tiers for an external service but no declared credentials is inconsistent with a hosted paid API.
Instruction Scope
The SKILL.md is an API specification and sample requests/responses; it does not instruct the agent to read local files, collect unrelated system data, or exfiltrate secrets. That said, the responses include deployable PowerShell scripts (deploymentScript) which are powerful and can make system changes if executed — the skill provides no safety guidance or sandboxing instructions. Also the SKILL.md does not provide a server 'servers' entry or base URL, so following the endpoints as-is is incomplete.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. That minimizes on-disk installation risk. There are no downloads, extracted archives, or third-party packages declared.
Credentials
The skill declares no required environment variables or credentials. For a documented paid API with pricing tiers, you'd normally expect at least an API key or token to be required; the absence of any auth declaration is inconsistent and could mean the spec is incomplete or the skill expects the agent to produce configs locally. No credentials are requested, so there's no obvious secret-exfiltration vector in the skill metadata, but lack of auth details is a red flag for practical usage.
Persistence & Privilege
The skill does not request always:true and makes no claims about modifying other skills or system-wide agent settings. It is user-invocable and allows autonomous invocation (default), which is normal for skills.
What to consider before installing
This package appears to be an API specification for generating Active Directory hardening configurations, not an implemented client or hosted service. Before installing or using it: 1) Confirm the provider and hosting origin (who operates the API and where it's hosted); the registry metadata lists 'unknown' source and no homepage. 2) Ask for the API base URL and authentication mechanism — a paid API should require credentials (API key/token) which are not declared here. 3) Treat any generated deploymentScript (PowerShell) as potentially destructive — review and test in a safe lab before running on production. 4) If you expect the skill to call an external service, require explicit documentation of where requests are sent and how credentials are handled; absence of that is a practical and security risk. If these questions are not answered, do not trust the skill to produce or execute configuration changes in your environment.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97crmq28s2gwxhvet6fmj6hjh83wtd5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Overview

The Active Directory Hardening Tool is an enterprise-grade security API designed to generate comprehensive Active Directory (AD) hardening configuration files based on industry best practices and CISSP-aligned security standards. This tool automates the complex process of configuring AD security settings, reducing manual configuration errors and ensuring consistent security posture across AD environments.

Organizations managing large-scale Active Directory deployments require robust security configurations to protect against lateral movement, privilege escalation, and unauthorized access. This tool streamlines the generation of hardening configurations by accepting flexible hardening options and producing deployment-ready configuration files. It is ideal for security architects, system administrators, and organizations undergoing AD security assessments or compliance initiatives.

The API provides enumeration of available hardening options, allowing teams to understand all supported configurations before generating customized hardening profiles. This enables organizations to tailor security configurations to their specific risk profiles and operational requirements.

Usage

Sample Request

Generate an AD hardening configuration with multiple security options:

{
  "sessionId": "sess_abc123def456",
  "userId": 12345,
  "timestamp": "2025-01-15T10:30:00Z",
  "hardeningOptions": {
    "passwordPolicy": ["enforceComplexity", "minLength14", "historyCount24"],
    "accountLockout": ["threshold5", "duration30minutes", "resetCounterAfter30"],
    "kerberosHardening": ["enableAESEncryption", "disableRC4", "setMaxTicketLifetime"],
    "groupPolicy": ["enableAudit", "disableAnonymousAccess", "restrictNetworkAccess"]
  }
}

Sample Response

{
  "status": "success",
  "configurationId": "config_xyz789uvw",
  "timestamp": "2025-01-15T10:30:15Z",
  "configurations": {
    "passwordPolicy": {
      "enforceComplexity": true,
      "minimumLength": 14,
      "passwordHistoryCount": 24,
      "maximumPasswordAge": 90
    },
    "accountLockout": {
      "lockoutThreshold": 5,
      "lockoutDuration": 30,
      "resetCounterAfterMinutes": 30
    },
    "kerberosHardening": {
      "encryptionTypes": ["AES256", "AES128"],
      "disabledEncryption": ["RC4"],
      "maxTicketLifetimeHours": 10
    },
    "groupPolicy": {
      "auditingEnabled": true,
      "anonymousAccessDisabled": true,
      "networkAccessRestricted": true
    }
  },
  "deploymentScript": "powershell_script_content_here",
  "auditLog": {
    "requestId": "req_123456",
    "userId": 12345,
    "action": "AD_HARDENING_GENERATED",
    "timestamp": "2025-01-15T10:30:15Z"
  }
}

Endpoints

GET /

Health Check Endpoint

Verifies API availability and returns service status.

Method: GET
Path: /

Parameters: None

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Service status object confirming API health

POST /api/ad-hardening/generate

Generate AD Hardening Configuration

Generates enterprise-ready Active Directory hardening configuration files based on specified security options. Returns deployable configurations and scripts.

Method: POST
Path: /api/ad-hardening/generate

Request Body (application/json):

ParameterTypeRequiredDescription
hardeningOptionsObject (string arrays)YesMap of hardening categories to configuration options. Keys represent hardening domains (e.g., passwordPolicy, accountLockout, kerberosHardening); values are arrays of specific settings to apply.
sessionIdStringYesUnique session identifier for request tracking and audit logging. Used to correlate multiple requests within a session.
userIdInteger | nullNoOptional user identifier for audit trail association. Useful for tracking which user generated the configuration.
timestampStringYesISO 8601 formatted timestamp of request generation. Must be in UTC format (e.g., "2025-01-15T10:30:00Z").

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Configuration object containing hardened AD settings, deployment scripts, and audit trail metadata
  • Status Code: 422 (on validation error)
  • Content-Type: application/json
  • Body: HTTPValidationError object with detailed field-level validation errors

GET /api/ad-hardening/options

Retrieve Available Hardening Options

Enumerates all supported Active Directory hardening options, categories, and their descriptions. Use this endpoint to discover available configurations before generating hardening profiles.

Method: GET
Path: /api/ad-hardening/options

Parameters: None

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Object containing hierarchical hardening options with descriptions:
    • Available hardening categories (passwordPolicy, accountLockout, kerberosHardening, groupPolicy, etc.)
    • Supported settings within each category
    • Parameter descriptions and recommended values
    • Security impact and compliance mappings

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…