Cis Benchmark Audit
v1.0.0
CIS benchmark compliance assessment for network infrastructure devices. Maps device configuration against CIS benchmark controls organized by Management Plan...
by Vahagn Madatyan (@vahagn-madatyan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, and runtime instructions consistently describe a CIS compliance audit for network devices (Cisco IOS, PAN-OS, JunOS, Check Point). The listed verification commands and control mappings match the stated purpose. There is a minor metadata inconsistency: the SKILL.md openclaw metadata indicates the skill requires the 'ssh' binary (bins: ["ssh"]) while the registry summary lists no required binaries; this appears to be an editorial/metadata mismatch rather than a functional mismatch with the skill's purpose.
Instruction Scope
The SKILL.md procedure is narrowly scoped to read-only evidence collection (show/show-config commands and mapping to CIS control IDs). It does not instruct the agent to read unrelated local files, environment variables, or send data to external endpoints. Note: the read-only commands necessarily return sensitive configuration information (password hashes, SNMP community strings, keys, etc.), which is expected for a compliance audit but should be considered when granting access.
Install Mechanism
No install spec is present and the skill contains only documentation (instruction-only). This has the lowest installation risk because nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to an instruction-only read-only audit — the operator supplies device access (SSH/API) outside the skill. There are no excessive secret requests.
Persistence & Privilege
The skill is not forced-always and does not request persistent privileges. Model invocation is allowed (default) which is normal for skills; there is no indication the skill modifies other skills or agent-wide configuration.
Assessment
This skill is internally coherent for performing CIS read-only audits of network devices. Before using it, ensure you: (1) run it only with explicit read-only administrative accounts on target devices (limit source IPs and session scope), because the listed 'show' commands will return sensitive configuration data (password hashes, SNMP community strings, keys); (2) verify whether your environment has the ssh binary available (SKILL.md metadata references ssh) and resolve the small metadata mismatch noted above; (3) do not feed licensed CIS benchmark documents into the skill — the docs should be obtained separately as the skill only references control IDs; (4) test on non-production devices first to confirm the commands and output format match your device OS/version. If you need the skill to run autonomously, treat the outputs (audit evidence) as sensitive and protect their storage and transmission.
