Docker Hardening

Professional Docker security configuration generator aligned with CIS Benchmark v1.8.0 standards.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 24 · 0 current installs · 0 all-time installs

byToolWeb@krishnakumarmahadevan-cmd

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Name and description match the provided SKILL.md and openapi.json: the skill is an API-style generator for Docker hardening artifacts. No required binaries or system access are declared, which is consistent if the implementation is an external service. However, the SKILL.md repeatedly references external API hosts and commercial plans (toolweb.in / api.mkkpro.com) while the package declares no required credentials or servers — a mild mismatch between claimed hosted-API behavior and manifest metadata.

✓

Instruction Scope

Runtime instructions and examples are limited to generating configuration files and describing API endpoints. The SKILL.md does not instruct the agent to read local files, environment variables, or system config, nor to exfiltrate unrelated data. It provides example request/response shapes and endpoint routes only.

✓

Install Mechanism

Instruction-only skill with no install spec and no code files to write to disk. This is low-risk from an installation-perspective — nothing is downloaded or executed locally by the skill package itself.

Credentials

The documentation and openapi reference external endpoints and a paid/free pricing model, yet the skill metadata declares no required environment variables, no primary credential, and the openapi.json lacks server URL entries. If the agent will call api.mkkpro.com or portal.toolweb.in, those calls may require API keys, auth, or will transmit potentially sensitive container configuration data. The absence of any declared credential requirement (or explicit statement that the API is unauthenticated) is an inconsistency and a potential privacy/operational concern.

✓

Persistence & Privilege

always is false and there is no install-time persistence. The skill does not request to modify other skills or system-wide agent settings. Autonomous invocation is allowed (default) but not combined with other high privileges.

What to consider before installing

This skill appears to be a front-end for an external API that generates hardened Docker configs. Before installing or invoking it, confirm whether the agent will send your Dockerfiles, deployment manifests, or other sensitive configuration to the external hosts listed (toolweb.in / api.mkkpro.com). Ask the publisher whether authentication is required and whether sent data is stored or logged; review the service's privacy/terms. Because the skill metadata does not declare required credentials or server endpoints, treat network calls as potential exfiltration paths — test using non-sensitive sample data first, prefer an on-prem/self-hosted alternative if you must keep configs private, and verify the publisher identity (domains and RapidAPI profile) before use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk977ffjxkjf6ny0xkxwg0z3dxn83xbtd

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Overview

The Docker Security Hardening Tool is a professional-grade API for generating CIS Benchmark-compliant Docker security configurations. It automates the creation of hardened Docker deployment manifests, security policies, and configuration files that align with industry-standard security best practices (CIS Benchmark v1.8.0).

This tool is essential for DevOps engineers, security teams, and infrastructure architects who need to rapidly deploy secure Docker environments without manual configuration. It eliminates guesswork by providing validated, benchmark-aligned configurations that can be immediately deployed to production systems.

The API provides intelligent option discovery, flexible configuration generation, and audit-ready output suitable for compliance documentation and security reviews.

Usage

Example Request:

{
  "hardeningOptions": {
    "image_security": ["scan_images", "minimal_base"],
    "runtime_security": ["read_only_root", "no_privileged"],
    "network_security": ["restrict_ports", "user_namespaces"]
  },
  "sessionId": "sess_abc123def456",
  "userId": 12847,
  "timestamp": "2025-01-15T10:30:00Z"
}

Example Response:

{
  "status": "success",
  "configurationId": "config_xyz789",
  "generatedFiles": {
    "Dockerfile.hardened": "FROM alpine:3.18\nRUN addgroup -S appgroup && adduser -S appuser -G appgroup\nUSER appuser\nRUN chmod a-w /\nRUN chmod u+w /tmp /var/tmp\nENTRYPOINT [\"app\"]\n",
    "docker-compose.hardened.yml": "version: '3.8'\nservices:\n  app:\n    image: myapp:hardened\n    read_only: true\n    security_opt:\n      - no-new-privileges:true\n    cap_drop:\n      - ALL\n    cap_add:\n      - NET_BIND_SERVICE\n    networks:\n      - internal\nnetworks:\n  internal:\n    driver: bridge\n",
    "security_policy.json": "{\n  \"version\": \"1.0\",\n  \"benchmark\": \"CIS Docker Benchmark v1.8.0\",\n  \"policies\": [\n    {\"id\": \"4.1\", \"description\": \"Ensure AppArmor Profile is Enabled\", \"status\": \"applied\"},\n    {\"id\": \"4.5\", \"description\": \"Ensure default ulimit is set appropriately\", \"status\": \"applied\"}\n  ]\n}\n"
  },
  "appliedPolicies": [
    "4.1 - AppArmor enabled",
    "4.5 - Ulimit restrictions",
    "5.1 - Read-only root filesystem",
    "5.27 - User namespace enabled"
  ],
  "complianceScore": 94,
  "recommendations": [
    "Consider implementing runtime scanning with Falco for behavioral monitoring",
    "Enable image scanning in your container registry"
  ],
  "timestamp": "2025-01-15T10:30:15Z"
}

Endpoints

GET /

Description: Health check endpoint to verify API availability.

Parameters: None

Response:

200 OK - JSON object confirming service status

POST /api/docker/hardening/generate

Description: Generate Docker security hardening configuration files based on specified options.

Parameters:

Name	Type	Required	Description
hardeningOptions	object	Yes	Dictionary mapping security categories to option arrays. Keys represent security domains (e.g., "image_security", "runtime_security"), values are arrays of specific hardening techniques.
sessionId	string	Yes	Unique session identifier for tracking and audit purposes.
userId	integer or null	No	Optional user identifier for multi-tenant environments and usage tracking.
timestamp	string	Yes	ISO 8601 formatted timestamp of the request (e.g., "2025-01-15T10:30:00Z").

Response Shape:

{
  "status": "string",
  "configurationId": "string",
  "generatedFiles": {
    "Dockerfile.hardened": "string",
    "docker-compose.hardened.yml": "string",
    "security_policy.json": "string"
  },
  "appliedPolicies": ["string"],
  "complianceScore": "integer (0-100)",
  "recommendations": ["string"],
  "timestamp": "string"
}

GET /api/docker/hardening/options

Description: Retrieve all available hardening options with descriptions, categories, and CIS Benchmark references.

Parameters: None

Response Shape:

{
  "imageSecurityOptions": [
    {
      "id": "string",
      "name": "string",
      "description": "string",
      "cisBenchmarkId": "string"
    }
  ],
  "runtimeSecurityOptions": [...],
  "networkSecurityOptions": [...],
  "storageSecurityOptions": [...],
  "version": "string",
  "lastUpdated": "string"
}

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/hardening/docker
API Docs: https://api.mkkpro.com:8136/docs

Files

2 total

Select a file

Select a file to preview.

Comments

Loading comments…