ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GKE Hardening

v1.0.0

Generates CIS Benchmark-aligned security hardening configurations for Google Kubernetes Engine clusters.

0· 115·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for krishnakumarmahadevan-cmd/toolweb-gke-hardening.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GKE Hardening" (krishnakumarmahadevan-cmd/toolweb-gke-hardening) from ClawHub.
Skill page: https://clawhub.ai/krishnakumarmahadevan-cmd/toolweb-gke-hardening
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install toolweb-gke-hardening

ClawHub CLI

Package manager switcher

npx clawhub@latest install toolweb-gke-hardening
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md examples and openapi.json are consistent: the skill is a generator for GKE CIS-based hardening configs and exposes endpoints to generate configs and list options. There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope
SKILL.md is narrowly scoped to accepting hardeningOptions/sessionId/userId/timestamp and returning YAML config files. However, the doc and references point to an external hosted API (api.mkkpro.com / toolweb.in) as the implementation. That implies the agent will send request data (including session/user identifiers and the chosen hardening options) to a third party — this is reasonable for a hosted service but is a behavior users should be aware of.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute locally; lowest install risk. The openapi.json is present for API schema purposes only.
!
Credentials
The documentation and pricing indicate a hosted API, but the skill does not declare any required credentials, API keys, or security schemes. If the service requires authentication or will receive potentially sensitive GKE configuration details, not declaring required credentials is an inconsistency and a privacy/security concern. Sending cluster policy choices or identifiers to a remote service without explicit auth and data-handling guidance could expose sensitive information.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and has no elevated persistence or system privileges. Autonomous invocation (model invocation enabled) is the platform default and not by itself an issue.
Scan Findings in Context
[no_regex_findings] unexpected: The regex-based scanner produced no findings because this is an instruction-only skill with no executable code files. Absence of findings does not imply safety — the runtime behavior (calls to external APIs) is defined in SKILL.md and openapi.json rather than in local code.
What to consider before installing
This skill appears to be a front-end for a hosted service that generates GKE hardening YAMLs. Before installing or using it, consider: (1) The skill will send your hardening options and session/user identifiers to a third party (toolweb.in / api.mkkpro.com). Don't send real cluster names, credentials, secrets, or anything uniquely identifying unless you trust the service. (2) The skill does not declare required API credentials or a security scheme — ask the publisher whether an API key or authentication is required and how data is protected in transit and at rest. (3) Review the external API's docs, privacy policy, and TLS certificate; verify pricing and rate limits. (4) If you need local-only generation for sensitive environments, prefer a skill that runs entirely locally or provides explicit offline operation. (5) If you proceed, test with non-sensitive/dummy data first and request written details about audit logging, retention, and how user/session IDs are used.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qmpyrtnhhp5kps859xg7t183zk8a
115downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
ToolWeb@krishnakumarmahadevan-cmd
latest
Download

Overview

The GKE Security Hardening Tool is a specialized security configuration generator designed to help DevOps engineers and security teams harden Google Kubernetes Engine (GKE) clusters according to Center for Internet Security (CIS) Benchmark standards. The tool automates the creation of security-focused configuration files, reducing manual setup time and ensuring compliance with industry-recognized security standards.

This tool is ideal for organizations deploying GKE in regulated environments, security-conscious teams implementing defense-in-depth strategies, and DevOps teams seeking to automate cluster hardening workflows. By leveraging the CIS Benchmarks, the tool ensures that generated configurations align with proven security practices and reduce the attack surface of Kubernetes deployments.

Key capabilities include generating hardened configuration files based on selected security options, retrieving all available hardening parameters, and tracking requests through session and user identifiers for audit and compliance purposes.

Usage

Example Request

Generate a hardened GKE configuration with specific security options:

{
  "hardeningOptions": {
    "networkPolicy": ["enabled", "restrictive"],
    "rbac": ["enabled"],
    "podSecurityPolicy": ["enabled", "restricted"],
    "auditLogging": ["enabled", "verbose"],
    "encryptionAtRest": ["enabled"]
  },
  "sessionId": "sess_abc123def456",
  "userId": 12345,
  "timestamp": "2024-01-15T10:30:00Z"
}

Example Response

{
  "configFiles": [
    {
      "filename": "network-policy.yaml",
      "content": "apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n  name: default-deny\nspec:\n  podSelector: {}\n  policyTypes:\n  - Ingress\n  - Egress"
    },
    {
      "filename": "rbac-config.yaml",
      "content": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n  name: minimal-access\nrules:\n- apiGroups: [\"\"]\n  resources: [\"pods\"]\n  verbs: [\"get\", \"list\"]"
    },
    {
      "filename": "pod-security-policy.yaml",
      "content": "apiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n  name: restricted\nspec:\n  privileged: false\n  allowPrivilegeEscalation: false\n  requiredDropCapabilities:\n  - ALL"
    }
  ],
  "sessionId": "sess_abc123def456",
  "generatedAt": "2024-01-15T10:30:05Z",
  "status": "success"
}

Endpoints

GET /

Description: Health check endpoint for service availability verification.

Parameters: None

Response: Returns JSON object confirming service status.

POST /api/gke/hardening/generate

Description: Generates GKE security hardening configuration files based on provided hardening options.

Parameters:

NameTypeRequiredDescription
hardeningOptionsobjectYesDictionary mapping hardening feature names to arrays of configuration values (e.g., {"networkPolicy": ["enabled", "restrictive"]})
sessionIdstringYesUnique session identifier for tracking and audit purposes
userIdinteger or nullNoUser identifier for audit logging and usage attribution
timestampstringYesISO 8601 formatted timestamp of the request

Response: Returns JSON object containing:

  • configFiles: Array of objects with filename and content properties containing generated YAML configurations
  • sessionId: Echo of the request session identifier
  • generatedAt: Timestamp of configuration generation
  • status: "success" or error status

GET /api/gke/hardening/options

Description: Retrieves all available hardening options and their supported values for GKE configuration.

Parameters: None

Response: Returns JSON object mapping hardening feature names to arrays of available configuration options.

GET /health

Description: Health check endpoint for monitoring and liveness probes.

Parameters: None

Response: Returns JSON object confirming service health status.

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Comments

Loading comments...