ClawHub

Windows Hardening

v1.0.0

Professional Windows Security Configuration Generator for automated hardening policy creation and deployment.

0· 51·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included OpenAPI spec and SKILL.md: the skill documents endpoints to generate and list hardening options. Minor mismatch: the description mentions 'deployment' and 'session-based request tracking', but the spec only describes generation and download URLs — no site-specific deployment mechanism or authentication details are provided.
Instruction Scope
SKILL.md limits runtime instructions to API request/response formats and example payloads. It does not instruct reading local files, accessing unrelated environment variables, or performing system changes itself. The indicated workflow requires calling external endpoints (e.g., api.mkkpro.com/toolweb.in).
Install Mechanism
No install spec and no code files — instruction-only. Nothing will be written to disk by an installer as part of skill installation.
Credentials
The skill declares no required environment variables or credentials. This is coherent if the external API is public, but unusual given the pricing tiers and the download URL examples — a production API would typically require an API key or auth token. The absence of declared auth parameters is a gap to clarify before use.
Persistence & Privilege
always is false (default) and autonomous invocation is allowed (platform default). The skill does not request persistent system privileges or configuration changes to other skills.
Assessment
This skill is effectively documentation/OpenAPI for a third-party Windows hardening API (toolweb/api.mkkpro). Before installing or using it: 1) Verify the vendor and endpoints (toolweb.in / api.mkkpro.com) — confirm they are legitimate and use HTTPS. 2) Ask the publisher how authentication is handled (no API key or auth is declared). 3) Don't send sensitive credentials or production identifiers in test requests; use non-sensitive sample data first. 4) If you plan to use generated configs, review them locally before applying to real systems — automation that applies security policies can disrupt services if misconfigured. 5) Consider preferring internal, auditable tools or well-known vendors for automated hardening if you need strong traceability and accountability.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cbhnywwtzj7k0hzpn85n6eh83wmqh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments