ClawHub

Fortigate Firewall Audit

v1.0.0

FortiOS VDOM segmentation audit with UTM profile binding validation, FortiGuard service health assessment, SD-WAN security evaluation, and HA cluster posture...

0· 98·1 current·1 all-time
byVahagn Madatyan@vahagn-madatyan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (FortiOS VDOM/UTM/SD-WAN/HA audit) matches the instructions: all commands are FortiGate read-only CLI commands and the SKILL.md explicitly requests read-only or diagnose-level access. The only minor inconsistency is the registry metadata that lists no required binaries while the SKILL.md openclaw metadata lists `ssh` as a required binary — requiring SSH is reasonable for this skill.
Instruction Scope
Runtime instructions are a sequential audit flow of non-modifying `get`, `show`, and `diagnose` commands and listing/inspection steps. The SKILL.md does not ask the agent to read unrelated host files, transmit data to external endpoints, or perform configuration changes. It does note that `diagnose`/`debug` level privilege may be needed for some runtime state, which is appropriate and documented.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and there is no installation risk.
Credentials
The skill does not declare environment variables or credentials in the registry entry, but it reasonably requires access to the target FortiGate (SSH/CLI or equivalent). That means the agent or user will need to provide device credentials or SSH key material at runtime; this is proportional to the described purpose but users should ensure the agent only receives a read-only/diagnostic account and not full admin credentials. Also note the small metadata mismatch: SKILL.md metadata includes `bins:["ssh"]` while the registry summary listed 'Required binaries: none'.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not modify other skills or system settings, and has no install-time persistence, which is proportionate to its audit purpose.
Assessment
This skill is an audit playbook of FortiGate read-only CLI commands and appears to do what it claims. Before installing or running it: 1) ensure the agent will use a least-privilege (read-only or diagnose-level) account on the FortiGate — do not provide full admin credentials unless you intend configuration changes; 2) confirm how the agent will connect (SSH/keys or username/password) and avoid exposing private SSH keys to untrusted contexts; 3) verify the agent environment has an `ssh` client available (SKILL.md lists it as required) even though the registry entry omitted that requirement; 4) review the outputs the skill will collect — these include full policy configs and license/status information — and make sure you are comfortable with storing or sharing that output; and 5) if you need stronger assurance, run the listed CLI commands manually or in a controlled test environment first to validate expected behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c0j2sdjmqq71kev54pqsjdh83ddk1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments