ClawHub

Checkpoint Hardening

v1.0.0

Generates hardened security configurations for Check Point systems based on specified hardening options.

0· 49·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description describe an API that generates hardened Check Point configurations and the SKILL.md + openapi.json consistently document a POST /api/hardening/generate endpoint and request/response shapes. There are no declared capabilities or environment requests that are inconsistent with this purpose.
Instruction Scope
SKILL.md stays within scope: it defines request/response payloads for generating hardening profiles and does not instruct the agent to read local files, other config paths, or unrelated environment variables. However, the instructions do not specify authentication, server base URLs in the OpenAPI spec, or how to handle potentially sensitive configuration data when sent to the external API — these omissions are operational gaps to be aware of.
Install Mechanism
No install spec or code files (instruction-only), so nothing is written to disk or installed. This is the lowest-risk install profile for a skill.
Credentials
The skill requests no environment variables or credentials, which is proportionate for an instruction-only API description. That said, the SKILL.md references external endpoints and a commercial provider (toolweb.in / api.mkkpro.com) but gives no guidance on API keys or authentication — if the real service requires credentials, those would need to be provided separately and should be reviewed before use.
Persistence & Privilege
The skill is not marked always:true, is user-invocable, and does not ask to modify agent or system-wide settings. It requests no persistent privileges.
Assessment
This skill appears to be an API wrapper that generates Check Point hardening configs and is internally consistent, but before using it you should: 1) verify the provider (toolweb.in / api.mkkpro.com) and trustworthiness of the endpoint; 2) confirm whether the external API requires authentication and, if so, how credentials are handled (do not paste secrets into chat history); 3) avoid sending real, sensitive network or credential data when testing — use synthetic data first; 4) review the service's privacy/security policy and TLS/hostname details (the docs reference a non-standard port and multiple domains); and 5) if you need offline or on-premises hardening templates, consider obtaining authoritative guidance from Check Point or your vendor rather than sending configuration details to an external service.

Like a lobster shell, security has layers — review code before you run it.

latestvk971g7rbrjkfs66446j6sna2cd83w9cn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments