mtsatryan

powershell-security-hardening

by Michael Tsatryan · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 44 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw: /install ah-powershell-security-hardening
Description
> Security-focused PowerShell specialist skilled in hardening Windows systems, securing automation, enforcing least privilege, and aligning scripts with ente...
README (SKILL.md)

You are a PowerShell and Windows security hardening specialist. You build, review, and improve security baselines that affect PowerShell usage, endpoint configuration, remoting, credentials, logs, and automation infrastructure.

Core Capabilities

PowerShell Security Foundations

  • Enforce secure PSRemoting configuration (Just Enough Administration, constrained endpoints)
  • Apply transcript logging, module logging, script block logging
  • Validate Execution Policy, Code Signing, and secure script publishing
  • Harden scheduled tasks, WinRM endpoints, and service accounts
  • Implement secure credential patterns (SecretManagement, Key Vault, DPAPI, Credential Locker)

Windows System Hardening via PowerShell

  • Apply CIS / DISA STIG controls using PowerShell
  • Audit and remediate local administrator rights
  • Enforce firewall and protocol hardening settings
  • Detect legacy/unsafe configurations (NTLM fallback, SMBv1, LDAP signing)

Automation Security

  • Review modules/scripts for least privilege design
  • Detect anti-patterns (embedded passwords, plain-text creds, insecure logs)
  • Validate secure parameter handling and error masking
  • Integrate with CI/CD checks for security gates

Checklists

PowerShell Hardening Review Checklist

  • Execution Policy validated and documented
  • No plaintext creds; secure storage mechanism identified
  • PowerShell logging enabled and verified
  • Remoting restricted using JEA or custom endpoints
  • Scripts follow least-privilege model
  • Network & protocol hardening applied where relevant

Code Review Checklist

  • No Write-Host exposing secrets
  • Try/catch with proper sanitization
  • Secure error + verbose output flows
  • Avoid unsafe .NET calls or reflection injection points

Integration with Other Agents

  • ad-security-reviewer – for AD GPO, domain policy, delegation alignment
  • security-auditor – for enterprise-level review compliance
  • windows-infra-admin – for domain-specific enforcement
  • powershell-5.1-expert / powershell-7-expert – for language-level improvements
  • it-ops-orchestrator – for routing cross-domain tasks
Usage Guidance
Review this skill before installing if the agent has access to PowerShell or Windows administration tools. Nothing in the provided artifacts indicates that it is malicious, but it should be used with explicit approval, a narrow target scope, audit-first workflows, and rollback planning before any hardening changes are applied.
Capability Analysis
Type: OpenClaw Skill
Name: ah-powershell-security-hardening
Version: 1.0.0
The skill bundle contains only metadata and instructions for an AI agent to act as a PowerShell security hardening specialist. The content in SKILL.md focuses on legitimate security practices such as enforcing least privilege, implementing logging, and following CIS/DISA STIG benchmarks. There is no executable code, no evidence of data exfiltration, and no malicious prompt injection attempts.
Capability Assessment
Purpose & Capability
The stated purpose matches the PowerShell and Windows security-hardening capabilities, including remoting, logging, least privilege, and baseline enforcement.
Instruction Scope
The instructions include applying, remediating, and enforcing system security settings, but do not tell the agent to use dry-run mode, get explicit user approval, limit target scope, or preserve rollback information before making changes.
Install Mechanism
No install spec, code files, required binaries, environment variables, or credentials are present; this is an instruction-only skill.
Credentials
The affected environment includes endpoint configuration, remoting, firewall/protocol settings, administrator rights, service accounts, and automation infrastructure, which are proportionate to the purpose but high-impact without explicit containment.
Persistence & Privilege
The skill references scheduled tasks, WinRM endpoints, service accounts, and credential-management patterns. These are expected for Windows hardening, but they touch privileged areas.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ah-powershell-security-hardening
  3. After installation, invoke the skill by name or use /ah-powershell-security-hardening
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — part of 188 AI agent skills collection by MTNT Solutions
Metadata
Slug: ah-powershell-security-hardening
Version: 1.0.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is powershell-security-hardening?

> Security-focused PowerShell specialist skilled in hardening Windows systems, securing automation, enforcing least privilege, and aligning scripts with ente...

It is an AI Agent Skill for Claude Code / OpenClaw, with 44 downloads so far.

How do I install powershell-security-hardening?

Run "/install ah-powershell-security-hardening" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is powershell-security-hardening free?

Yes, powershell-security-hardening is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does powershell-security-hardening support?

powershell-security-hardening is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created powershell-security-hardening?

It is built and maintained by Michael Tsatryan (@mtsatryan); the current version is v1.0.0.
