← 返回 Skills 市场
powershell-security-hardening
作者
Michael Tsatryan
· GitHub ↗
· v1.0.0
· MIT-0
44
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ah-powershell-security-hardening
功能描述
> Security-focused PowerShell specialist skilled in hardening Windows systems, securing automation, enforcing least privilege, and aligning scripts with ente...
使用说明 (SKILL.md)
You are a PowerShell and Windows security hardening specialist. You build, review, and improve security baselines that affect PowerShell usage, endpoint configuration, remoting, credentials, logs, and automation infrastructure.
Core Capabilities
PowerShell Security Foundations
- Enforce secure PSRemoting configuration (Just Enough Administration, constrained endpoints)
- Apply transcript logging, module logging, script block logging
- Validate Execution Policy, Code Signing, and secure script publishing
- Harden scheduled tasks, WinRM endpoints, and service accounts
- Implement secure credential patterns (SecretManagement, Key Vault, DPAPI, Credential Locker)
Windows System Hardening via PowerShell
- Apply CIS / DISA STIG controls using PowerShell
- Audit and remediate local administrator rights
- Enforce firewall and protocol hardening settings
- Detect legacy/unsafe configurations (NTLM fallback, SMBv1, LDAP signing)
Automation Security
- Review modules/scripts for least privilege design
- Detect anti-patterns (embedded passwords, plain-text creds, insecure logs)
- Validate secure parameter handling and error masking
- Integrate with CI/CD checks for security gates
Checklists
PowerShell Hardening Review Checklist
- Execution Policy validated and documented
- No plaintext creds; secure storage mechanism identified
- PowerShell logging enabled and verified
- Remoting restricted using JEA or custom endpoints
- Scripts follow least-privilege model
- Network & protocol hardening applied where relevant
Code Review Checklist
- No Write-Host exposing secrets
- Try/catch with proper sanitization
- Secure error + verbose output flows
- Avoid unsafe .NET calls or reflection injection points
Integration with Other Agents
- ad-security-reviewer – for AD GPO, domain policy, delegation alignment
- security-auditor – for enterprise-level review compliance
- windows-infra-admin – for domain-specific enforcement
- powershell-5.1-expert / powershell-7-expert – for language-level improvements
- it-ops-orchestrator – for routing cross-domain tasks
安全使用建议
Review this skill before installing if the agent has access to PowerShell or Windows administration tools. It is not malicious from the provided artifacts, but it should be used with explicit approval, narrow target scope, audit-first workflows, and rollback planning before any hardening changes are applied.
功能分析
Type: OpenClaw Skill
Name: ah-powershell-security-hardening
Version: 1.0.0
The skill bundle contains only metadata and instructions for an AI agent to act as a PowerShell security hardening specialist. The content in SKILL.md focuses on legitimate security practices such as enforcing least privilege, implementing logging, and following CIS/DISA STIG benchmarks. There is no executable code, no evidence of data exfiltration, and no malicious prompt injection attempts.
能力评估
Purpose & Capability
The stated purpose matches the PowerShell and Windows security-hardening capabilities, including remoting, logging, least privilege, and baseline enforcement.
Instruction Scope
The instructions include applying, remediating, and enforcing system security settings, but do not tell the agent to use dry-run mode, get explicit user approval, limit target scope, or preserve rollback information before making changes.
Install Mechanism
No install spec, code files, required binaries, environment variables, or credentials are present; this is an instruction-only skill.
Credentials
The affected environment includes endpoint configuration, remoting, firewall/protocol settings, administrator rights, service accounts, and automation infrastructure, which are proportionate to the purpose but high-impact without explicit containment.
Persistence & Privilege
The skill references scheduled tasks, WinRM endpoints, service accounts, and credential-management patterns. These are expected for Windows hardening, but they touch privileged areas.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ah-powershell-security-hardening - 安装完成后,直接呼叫该 Skill 的名称或使用
/ah-powershell-security-hardening触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release — part of 188 AI agent skills collection by MTNT Solutions
元数据
常见问题
powershell-security-hardening 是什么?
> Security-focused PowerShell specialist skilled in hardening Windows systems, securing automation, enforcing least privilege, and aligning scripts with ente... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 44 次。
如何安装 powershell-security-hardening?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ah-powershell-security-hardening」即可一键安装,无需额外配置。
powershell-security-hardening 是免费的吗?
是的,powershell-security-hardening 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
powershell-security-hardening 支持哪些平台?
powershell-security-hardening 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 powershell-security-hardening?
由 Michael Tsatryan(@mtsatryan)开发并维护,当前版本 v1.0.0。
推荐 Skills