Windows Hardening

Security checks across malware telemetry and agentic risk

Overview

This skill documents a third-party API for generating Windows hardening configurations, with expected operational and privacy cautions but no hidden code or automatic system changes.

Before installing or using this skill, verify that you trust the ToolWeb/api.mkkpro provider, avoid putting personal or production-sensitive values in sessionId or userId, and review generated Windows policies in a test environment with a rollback plan before applying them to real systems.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill presents itself as a professional security hardening generator but does not warn that its output can disable services, restrict remote access, or otherwise materially alter Windows system behavior if applied. In a security tooling context, omission of deployment-impact warnings can mislead users into unsafe rollout, causing outages, lockouts, or unintended denial of administrative access.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The API requires or supports transmission of session identifiers, user identifiers, and timestamps for tracking and audit purposes, but the documentation does not disclose privacy or data-handling implications. This can lead users to send identifiable or sensitive metadata to a third-party service without informed consent or appropriate minimization.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal