Checkpoint Hardening

Security checks across malware telemetry and agentic risk

Overview

This is a coherent API-based Check Point hardening helper, but users should know it sends hardening request details and identifiers to an external provider.

Install only if you trust the ToolWeb/api.mkkpro service for security-configuration work. Do not send credentials, internal network details, or identifiable user/session values unless your organization has approved that data flow, and review any generated hardening output before applying it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Missing User Warnings

Low

Confidence: 94% confidence
Finding: The skill documentation shows that requests include sessionId, userId, and timestamp, but it does not clearly warn users that these identifiers may be transmitted to an external third-party API. This is a real privacy/transparency issue because users or integrators may unknowingly send identifying or traceable metadata off-platform, increasing data exposure and compliance risk.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The operation is described only as "Generate" with no clear scope, constraints, or safety boundaries, which makes it difficult for an agent or caller to understand exactly what kinds of hardening outputs are intended or permitted. In an agent skill that produces security configurations, vague activation and behavior definitions can enable misuse, overbroad invocation, or generation of unsafe or inappropriate configurations because the interface does not communicate sufficient guardrails.

External Transmission

Medium

Category: Data Exfiltration
Content: ## References - **Kong Route:** https://api.mkkpro.com/hardening/checkpoint - **API Docs:** https://api.mkkpro.com:8143/docs
Confidence: 87% confidence
Finding: https://api.mkkpro.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal