ClawHub

Cisco IOSXR Hardening

v1.0.0

Generate security hardening configurations for Cisco IOS XR devices with customizable hardening options.

0· 47·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (generate IOS XR hardening configs) matches the provided SKILL.md and openapi.json: both describe a single POST endpoint that returns generated configuration. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
The SKILL.md is instruction-only and documents an external HTTP API (POST /api/hardening/generate and GET /). It does not instruct the agent to read local files, environment variables, or system paths, which keeps scope narrow. However, it also does not show how the AI should authenticate or handle potentially sensitive input (device identifiers, existing configs) when calling the external API.
Install Mechanism
No install spec or code is included (instruction-only). No downloads or archives are referenced, so nothing will be written to disk by an installer step.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the included openapi.json (no security schemes). That said, the SKILL.md mentions pricing tiers and third-party hosts (toolweb.in, api.mkkpro.com), so in real deployments an API key/account is likely required — the skill doesn't declare this or specify how secrets would be used, which is an omission to verify.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or elevated agent privileges. There are no instructions to modify other skills or system-wide settings.
Assessment
This skill appears to be a thin wrapper describing a third-party API that generates Cisco IOS XR hardening configs. Before installing or using it: (1) verify the API provider (toolweb.in / api.mkkpro.com) reputation and TLS endpoints; (2) confirm whether an API key or account is required — the SKILL.md mentions pricing but doesn't declare authentication or how secrets would be provided; (3) avoid sending real device credentials or full device configs until you understand what the remote service stores and its retention/privacy policy; (4) test with non-production devices/configs first; and (5) if you intend the agent to call the external endpoint automatically, ensure you supply credentials via a secure secret store and review network egress policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk979xr9zr82t9x44yzb0csvkqs83x0ke

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments