ClawHub

Kubernetes Hardening

v1.0.0

Generates security hardening recommendations and configurations for Kubernetes clusters based on specified hardening options.

0· 83·1 current·1 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name, description, SKILL.md content and openapi.json consistently describe an API that generates Kubernetes hardening recommendations and manifests. However, the SKILL.md repeatedly references an external provider (toolweb.in) and pricing; if the skill is a client for a remote paid API that requires authentication, the package does not declare any required credentials or endpoint. This is a potential mismatch (documentation vs. declared requirements) rather than an obvious maliciousness.
Instruction Scope
SKILL.md contains API request/response examples and an OpenAPI path for /api/hardening/generate. It does not instruct the agent to read filesystem paths, environment variables, or other unrelated system state, nor to send data to any concrete external URL. The instructions stay within the stated purpose of generating hardening configs and recommendations.
Install Mechanism
No install spec and no code files are present (instruction-only skill). Nothing is written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is coherent if the skill purely generates content locally. However, because the SKILL.md references ToolWeb.in and pricing plans (implying a remote service), the absence of any declared API key/credential is notable and should be clarified before use.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated platform privileges and does not modify other skills or system-wide agent settings.
Assessment
This skill appears to be an instruction-only generator for Kubernetes hardening manifests and is internally consistent. Before installing or using it, confirm whether it is intended to call a remote ToolWeb.in API (the SKILL.md references that service and pricing). If it does, ask the provider for the base URL and authentication requirements — do not send real cluster credentials, kubeconfigs, or secrets to an unknown remote endpoint. If you only want a local generator, test the skill on non-sensitive example inputs first and verify that it does not attempt network calls. If you plan to use produced manifests in production, review them manually (or in CI) before applying to clusters.

Like a lobster shell, security has layers — review code before you run it.

latestvk970s3dp6a599d59dg149r6cen83wh93

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments