ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenShift Hardening

v1.0.0

Professional OpenShift Container Platform security configuration generator that creates hardened deployment manifests and security policies.

0· 93·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for krishnakumarmahadevan-cmd/toolweb-openshift-hardening.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenShift Hardening" (krishnakumarmahadevan-cmd/toolweb-openshift-hardening) from ClawHub.
Skill page: https://clawhub.ai/krishnakumarmahadevan-cmd/toolweb-openshift-hardening
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install toolweb-openshift-hardening

ClawHub CLI

Package manager switcher

npx clawhub@latest install toolweb-openshift-hardening
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and openapi.json describe an API that generates OpenShift hardening manifests and policy objects, which is coherent with the skill name and description. However the package claims Red Hat branding while the source/homepage are missing and the owner ID is unverified — that mismatch is a provenance/branding concern (possible impersonation or misleading naming).
Instruction Scope
The instructions present sample requests/responses and an OpenAPI spec for endpoints that accept hardeningOptions and return download URLs. They do not instruct the agent to read local system files or environment variables, but they imply sending user-supplied configuration/context to a remote service. Because OpenShift manifests and cluster details can be sensitive, this external-call vector is a privacy/exfiltration risk even though the SKILL.md doesn't directly tell the agent to read local files.
Install Mechanism
No install spec and no code files beyond documentation/OpenAPI are included; this is instruction-only so nothing will be written to disk by an installer. That lowers risk from arbitrary code installation.
Credentials
The skill declares no required environment variables or credentials. At first glance this is proportional, but the OpenAPI spec contains no securitySchemes or authentication details: the documented endpoints (including a downloadUrl hosted at https://api.mkkpro.com) appear callable without declared credentials. Sending potentially sensitive cluster config to an unauthenticated third‑party endpoint is a data‑exposure concern. Also the lack of provenance for the service means there's no assurance of how submitted data will be stored or used.
Persistence & Privilege
always:false and no install/update behavior are present. The skill does not request permanent presence or modify other skills/configs — no elevated persistence privileges are requested.
What to consider before installing
This skill appears to implement what it claims (OpenShift hardening config generation) but has several red flags you should consider before installing or using it: - Verify the vendor and provenance: the SKILL.md uses Red Hat terminology but there is no source or homepage and the owner ID is unverified. Confirm this is an official or trusted provider before sending data. - Avoid sending sensitive cluster data or secrets: the API paths and the example download URL point to api.mkkpro.com and the OpenAPI spec does not define authentication. Data you send could be stored or accessed by a third party. - Prefer local/offline generation or an officially supported tool if you must harden production clusters. If you still want to test this skill, do so in an isolated environment with non-production data and contact the vendor for security/privacy documentation and authentication requirements. - If you need to proceed in a real environment, ask the skill author for: a) proof of identity/affiliation, b) privacy/security policy for submitted data, and c) an authenticated API flow (OAuth/API key) with clear retention rules. Because of the external service call and lack of provenance/authentication, treat this skill as suspicious until those questions are answered.

Like a lobster shell, security has layers — review code before you run it.

latestvk9731tpg19ccqevv77dtkj1gth83ykej
93downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
ToolWeb@krishnakumarmahadevan-cmd
latest
Download

Overview

The Red Hat OpenShift Security Hardening Tool is a professional-grade API designed to generate security-hardened configuration files for OpenShift Container Platform deployments. Built for DevSecOps teams and platform engineers, this tool automates the creation of security baselines that align with industry best practices and compliance frameworks.

The tool enables organizations to rapidly deploy secure OpenShift clusters by generating pre-configured security policies, network policies, RBAC configurations, and pod security standards. Rather than manually crafting security controls, users specify their hardening requirements and receive production-ready configuration files that enforce security controls across their containerized infrastructure.

Ideal users include DevSecOps engineers, Kubernetes platform administrators, security architects, and organizations undergoing compliance audits (SOC 2, PCI-DSS, HIPAA) who need to demonstrate and maintain security posture across OpenShift deployments.

Usage

Sample Request

{
  "sessionId": "sess_8f3c4a2b9e1d7f5k",
  "userId": 12345,
  "timestamp": "2024-01-15T10:30:00Z",
  "hardeningOptions": {
    "networkPolicy": ["deny-all-ingress", "allow-dns", "allow-api-server"],
    "rbac": ["least-privilege", "service-account-restriction"],
    "podSecurity": ["restricted", "audit-logging"],
    "imageSecurity": ["image-scanning", "registry-whitelist"],
    "encryption": ["etcd-encryption", "tls-everywhere"]
  }
}

Sample Response

{
  "status": "success",
  "sessionId": "sess_8f3c4a2b9e1d7f5k",
  "timestamp": "2024-01-15T10:30:05Z",
  "hardeningConfig": {
    "networkPolicies": [
      {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {
          "name": "default-deny-ingress",
          "namespace": "default"
        },
        "spec": {
          "podSelector": {},
          "policyTypes": ["Ingress"]
        }
      }
    ],
    "rbacConfigurations": [
      {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "ClusterRole",
        "metadata": {
          "name": "pod-reader"
        },
        "rules": [
          {
            "apiGroups": [""],
            "resources": ["pods"],
            "verbs": ["get", "list"]
          }
        ]
      }
    ],
    "podSecurityStandards": {
      "enforce": "restricted",
      "audit": "restricted",
      "warn": "restricted"
    },
    "securityPolicies": {
      "imagePullPolicy": "Always",
      "allowPrivilegedEscalation": false,
      "runAsNonRoot": true,
      "readOnlyRootFilesystem": true
    }
  },
  "configFiles": {
    "count": 12,
    "formats": ["yaml", "json"],
    "downloadUrl": "https://api.mkkpro.com/hardening/openshift/download/sess_8f3c4a2b9e1d7f5k"
  },
  "complianceMapping": {
    "frameworks": ["CIS Kubernetes Benchmark", "NIST Cybersecurity Framework", "PCI-DSS"],
    "coveragePercentage": 94
  }
}

Endpoints

GET /

Health check endpoint to verify API availability.

Method: GET

Path: /

Description: Returns service health status and basic API information.

Parameters: None

Response Schema:

Status: 200 OK
Content-Type: application/json
Body: {} (empty object or service status metadata)

POST /api/hardening/generate

Generate OpenShift security hardening configuration files based on specified security requirements.

Method: POST

Path: /api/hardening/generate

Description: Accepts hardening options and generates complete, production-ready OpenShift security configuration files including network policies, RBAC rules, pod security standards, and encryption settings.

Request Parameters:

ParameterTypeRequiredDescription
sessionIdstringYesUnique session identifier for tracking and audit purposes
userIdintegerNoOptional user identifier for multi-tenant tracking
timestampstringYesISO 8601 formatted timestamp of the request
hardeningOptionsobjectYesDictionary mapping hardening categories to arrays of specific options (e.g., {"networkPolicy": ["deny-all-ingress"], "rbac": ["least-privilege"]})

Response Schema:

Status: 200 OK
Content-Type: application/json
Body: {
  "status": "success",
  "sessionId": "string",
  "timestamp": "string",
  "hardeningConfig": {
    "networkPolicies": [...],
    "rbacConfigurations": [...],
    "podSecurityStandards": {...},
    "securityPolicies": {...}
  },
  "configFiles": {
    "count": integer,
    "formats": ["yaml", "json"],
    "downloadUrl": "string"
  },
  "complianceMapping": {
    "frameworks": [...],
    "coveragePercentage": integer
  }
}

Error Response (422):

Status: 422 Unprocessable Entity
Content-Type: application/json
Body: {
  "detail": [
    {
      "loc": ["body", "hardeningOptions"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

GET /api/hardening/options

Retrieve all available hardening options and categories supported by the tool.

Method: GET

Path: /api/hardening/options

Description: Returns a comprehensive list of all available hardening options organized by category, including descriptions and compatibility information for different OpenShift versions.

Parameters: None

Response Schema:

Status: 200 OK
Content-Type: application/json
Body: {
  "categories": {
    "networkPolicy": {
      "options": [
        {"id": "deny-all-ingress", "description": "...", "versions": ["4.10+"]},
        {"id": "allow-dns", "description": "...", "versions": ["4.10+"]}
      ]
    },
    "rbac": {
      "options": [
        {"id": "least-privilege", "description": "...", "versions": ["4.10+"]},
        {"id": "service-account-restriction", "description": "...", "versions": ["4.10+"]}
      ]
    },
    "podSecurity": {...},
    "imageSecurity": {...},
    "encryption": {...}
  },
  "metadata": {
    "totalOptions": integer,
    "lastUpdated": "string"
  }
}

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Comments

Loading comments...