ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Juniper Hardening

v1.0.0

Professional Juniper Network Security Configuration Generator for enterprise-grade network hardening.

0· 41·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, SKILL.md and openapi.json consistently describe a Juniper hardening configuration generator that calls an external API (api.mkkpro.com / toolweb.in). That aligns with the stated purpose. However, the skill metadata declares no required credentials despite pricing and external API links suggesting a subscription/API key may be needed.
Instruction Scope
SKILL.md is instruction-only and documents endpoints and request/response formats; it does not instruct the agent to read local files or secrets. It does implicitly direct the agent to contact external endpoints (api.mkkpro.com / toolweb.in), which means user-provided configuration or examples could be transmitted externally — expected for an API wrapper, but worth noting.
Install Mechanism
No install spec and no code files — lowest-risk delivery model (instruction-only). Nothing is downloaded or written to disk by the skill itself.
!
Credentials
The skill declares no required env vars or primary credential, but SKILL.md references a paid API (pricing table and external docs). A production API of this type typically requires an API key or token; the absence of any declared credential is an inconsistency that could hide required secrets or cause the agent to try network requests without proper auth or to prompt the user for credentials at runtime.
Persistence & Privilege
always is false, and there is no indication the skill requests permanent presence or modifies other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but not combined with other high-risk properties.
What to consider before installing
This skill appears to be a straightforward API client for a Juniper hardening service, but the publisher and homepage are missing and no credentials are declared even though the docs/pricing imply a paid API. Before installing or using it: verify the service owner and domain (toolweb.in / api.mkkpro.com), confirm how authentication is handled (will you need to supply an API key or token?), and read the external API's privacy/terms to understand what configuration data will be sent and stored. Test with non-sensitive or synthetic device data first. If you need offline/local-only generation of sensitive network configs, prefer a tool that runs locally and declares no external network calls.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fp72dbryx3thz8pwrgw64s183xwb1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments