ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cisco NXOS Hardening

v1.0.0

Generates security hardening configurations for Cisco NX-OS network devices based on specified options.

0· 39·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to generate NX-OS hardening configs and the SKILL.md + openapi.json describe exactly that API surface. That alignment is reasonable. However the documentation references third‑party hosts (api.mkkpro.com, toolweb.in) and a paid pricing model while the skill declares no credentials/environment variables — a mismatch worth noting (how will requests be authenticated if required?).
!
Instruction Scope
The SKILL.md provides a full API spec and example request/response, implying the agent will send hardeningOptions and session metadata to a remote service. It does not explicitly limit what the agent may include, nor does it describe authentication, privacy, or handling of potentially sensitive network configuration or identifiers. That raises concern about unintended exfiltration of network topology, device identifiers, or secrets when using the skill.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or installed locally, which minimizes local install risk.
Credentials
The skill declares no required environment variables or credentials. Given the referenced external API and pricing plans, it's unusual that no API key or auth mechanism is declared. This could be benign (public unauthenticated API or omitted documentation) or could indicate the skill will prompt for or expect credentials outside the declared manifest — a proportionality mismatch to clarify before use.
Persistence & Privilege
The skill does not request always:true, does not request system config paths, and is user-invocable only. It does not request persistent privileges or modify other skills — no privilege escalation indicators in the manifest.
What to consider before installing
This skill appears to do what it says (generate NX-OS hardening commands), but it references external services (api.mkkpro.com / toolweb.in) and a paid pricing model while declaring no authentication details. Before installing or using it: 1) Verify the provider and trustworthiness of the referenced domains and read their privacy/security policies; 2) Do not send real device credentials, secrets, or sensitive topology data until you're sure where data is sent and how it's protected (TLS, retention, access control); 3) Ask the skill author how the API is authenticated (API key/OAuth) and why no credentials are declared in the manifest; 4) If you need offline/air‑gapped hardening, prefer a local generator or vetted open-source tooling instead of an online service; 5) Test with non-sensitive dummy data first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ed47kh6a8v8st6k7vn7j8e983wyw7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments