krishnakumarmahadevan-cmd

Kubernetes Hardening

Author: ToolWeb · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 188 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install toolweb-kubernetes-hardening
Description
Generates security hardening recommendations and configurations for Kubernetes clusters based on specified hardening options.
Usage instructions (SKILL.md)

Overview

The Kubernetes Hardening Tool is a security-focused API that generates comprehensive hardening recommendations and configurations for Kubernetes environments. Designed for DevSecOps teams, security engineers, and infrastructure professionals, this tool automates the process of identifying and implementing security best practices across Kubernetes clusters.

The tool accepts detailed hardening preferences and contextual information, then returns tailored security configurations and recommendations. It integrates seamlessly into CI/CD pipelines, infrastructure-as-code workflows, and security compliance frameworks, enabling organizations to maintain consistent, audit-ready Kubernetes security postures.

Ideal users include security teams implementing CIS Kubernetes Benchmarks, platform engineers building secure multi-tenant clusters, and compliance-focused organizations requiring documented hardening strategies.

Usage

Sample Request

{
  "sessionId": "sess_abc123def456",
  "userId": 1001,
  "timestamp": "2024-01-15T14:30:00Z",
  "hardeningOptions": {
    "rbac": ["enable-strict-policies", "service-account-isolation"],
    "network": ["deny-all-ingress", "deny-all-egress", "enable-network-policies"],
    "pod-security": ["restrict-privileged-containers", "enforce-read-only-filesystem"],
    "audit": ["enable-audit-logging", "log-authentication-events"]
  }
}

Sample Response

{
  "status": "success",
  "sessionId": "sess_abc123def456",
  "timestamp": "2024-01-15T14:30:15Z",
  "hardeningConfigurations": {
    "rbac": {
      "policies": [
        {
          "kind": "ClusterRole",
          "name": "restricted-viewer",
          "rules": [
            {
              "apiGroups": [""],
              "resources": ["pods"],
              "verbs": ["get", "list"]
            }
          ]
        }
      ],
      "serviceAccounts": ["default-restricted"]
    },
    "network": {
      "networkPolicies": [
        {
          "apiVersion": "networking.k8s.io/v1",
          "kind": "NetworkPolicy",
          "metadata": { "name": "deny-all-ingress" },
          "spec": {
            "podSelector": {},
            "policyTypes": ["Ingress"]
          }
        }
      ]
    },
    "pod-security": {
      "policies": [
        {
          "apiVersion": "policy/v1beta1",
          "kind": "PodSecurityPolicy",
          "metadata": { "name": "restricted" },
          "spec": {
            "privileged": false,
            "readOnlyRootFilesystem": true
          }
        }
      ]
    },
    "audit": {
      "auditPolicy": {
        "apiVersion": "audit.k8s.io/v1",
        "kind": "Policy",
        "rules": [
          {
            "level": "RequestResponse",
            "omitStages": ["RequestReceived"],
            "resources": ["secrets"]
          }
        ]
      }
    }
  },
  "recommendations": [
    "Enable Pod Security Standards in addition to deprecated PodSecurityPolicy",
    "Implement OPA/Gatekeeper for policy enforcement",
    "Configure encrypted secrets at rest"
  ]
}

Endpoints

POST /api/hardening/generate

Generates comprehensive Kubernetes hardening configurations and security recommendations based on provided hardening options and session context.

Method: POST

Path: /api/hardening/generate

Description: Analyzes the specified hardening options and generates Kubernetes security configurations including RBAC policies, network policies, pod security policies, and audit logging settings.

Parameters

| Name | Type | Required | Description |
|---|---|---|---|
| sessionId | string | Yes | Unique session identifier for tracking and auditing purposes |
| userId | integer or null | Yes | User identifier associated with the hardening request; can be null for anonymous requests |
| timestamp | string | Yes | ISO 8601 formatted timestamp of the request |
| hardeningOptions | object | Yes | Map of hardening categories to arrays of specific hardening options to apply |
| hardeningOptions.rbac | array of strings | Conditional | RBAC hardening options (e.g., "enable-strict-policies", "service-account-isolation") |
| hardeningOptions.network | array of strings | Conditional | Network policy options (e.g., "deny-all-ingress", "enable-network-policies") |
| hardeningOptions.pod-security | array of strings | Conditional | Pod security options (e.g., "restrict-privileged-containers", "enforce-read-only-filesystem") |
| hardeningOptions.audit | array of strings | Conditional | Audit logging options (e.g., "enable-audit-logging", "log-authentication-events") |

Response

Success (200): Returns a JSON object containing:

  • status: Operation status indicator
  • sessionId: Echo of the input session ID
  • timestamp: Response timestamp
  • hardeningConfigurations: Object with generated Kubernetes manifests and configurations organized by category
  • recommendations: Array of additional security recommendations and best practices

Validation Error (422): Returns an HTTPValidationError object with:

  • detail: Array of validation errors, each containing:
    • loc: Array indicating the location of the error in the request
    • msg: Human-readable error message
    • type: Error classification

Pricing

| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.


Security usage advice
This skill appears to be an instruction-only generator for Kubernetes hardening manifests and is internally consistent. Before installing or using it, confirm whether it is intended to call a remote ToolWeb.in API (the SKILL.md references that service and pricing). If it does, ask the provider for the base URL and authentication requirements — do not send real cluster credentials, kubeconfigs, or secrets to an unknown remote endpoint. If you only want a local generator, test the skill on non-sensitive example inputs first and verify that it does not attempt network calls. If you plan to use produced manifests in production, review them manually (or in CI) before applying to clusters.
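The manual-or-CI review recommended above, sketched as an added example (not part of the skill, its SKILL.md, or ToolWeb's code). It checks a response shaped like the sample response against the request and against three Kubernetes facts: PodSecurityPolicy was removed in v1.25, a default-deny NetworkPolicy must list the requested direction in policyTypes, and audit.k8s.io/v1 rules take GroupResources objects rather than bare strings. The function names and finding labels are assumptions made for this example.

```python
import json

# Constructed input: trimmed from the page's sample request and sample response.
REQUESTED = {"network": ["deny-all-ingress", "deny-all-egress", "enable-network-policies"]}
RESPONSE = json.loads("""
{"hardeningConfigurations": {
  "network": {"networkPolicies": [
    {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
     "metadata": {"name": "deny-all-ingress"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}]},
  "pod-security": {"policies": [
    {"apiVersion": "policy/v1beta1", "kind": "PodSecurityPolicy",
     "spec": {"privileged": false, "readOnlyRootFilesystem": true}}]},
  "audit": {"auditPolicy": {"apiVersion": "audit.k8s.io/v1", "kind": "Policy",
    "rules": [{"level": "RequestResponse", "resources": ["secrets"]}]}}}}
""")

def default_deny(policies, direction):
    # True if a policy selects all pods, covers `direction`, and allows nothing.
    for p in policies:
        s = p.get("spec", {})
        if (p.get("kind") == "NetworkPolicy" and s.get("podSelector") == {}
                and direction in s.get("policyTypes", []) and not s.get(direction.lower())):
            return True
    return False

def review(requested, response):
    cfg, findings = response["hardeningConfigurations"], []
    # PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes v1.25.
    for p in cfg.get("pod-security", {}).get("policies", []):
        if p.get("kind") == "PodSecurityPolicy":
            findings.append("psp-removed-api")
    # Every requested deny-all option needs a matching default-deny policy.
    nps = cfg.get("network", {}).get("networkPolicies", [])
    for opt, direction in (("deny-all-ingress", "Ingress"), ("deny-all-egress", "Egress")):
        if opt in requested.get("network", []) and not default_deny(nps, direction):
            findings.append("missing-" + opt)
    for r in cfg.get("audit", {}).get("auditPolicy", {}).get("rules", []):
        res = r.get("resources", [])
        # audit.k8s.io/v1 expects objects like {"group": "", "resources": ["secrets"]}.
        if any(not isinstance(x, dict) for x in res):
            findings.append("audit-resources-not-groupresources")
        names = [n for x in res for n in (x.get("resources", []) if isinstance(x, dict) else [x])]
        # Request/response bodies for secrets would put secret data in the audit log.
        if "secrets" in names and r.get("level") in ("Request", "RequestResponse"):
            findings.append("audit-logs-secret-bodies")
    return findings

print(review(REQUESTED, RESPONSE))
```

On the page's sample, the check reports the removed PodSecurityPolicy API, the requested but absent deny-all-egress policy, and two problems with the audit rule on secrets.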
Functional analysis
Type: OpenClaw Skill
Name: toolweb-kubernetes-hardening
Version: 1.0.0
The skill bundle defines a legitimate utility for generating Kubernetes security hardening configurations (RBAC, Network Policies, etc.) via a remote API (api.mkkpro.com). The code and documentation (SKILL.md, openapi.json) are consistent with the stated purpose and do not contain any indicators of data exfiltration, malicious execution, or prompt injection.
Capability assessment
Purpose & Capability
The name, description, SKILL.md content and openapi.json consistently describe an API that generates Kubernetes hardening recommendations and manifests. However, the SKILL.md repeatedly references an external provider (toolweb.in) and pricing; if the skill is a client for a remote paid API that requires authentication, the package does not declare any required credentials or endpoint. This is a potential mismatch (documentation vs. declared requirements) rather than obvious maliciousness.
Instruction Scope
SKILL.md contains API request/response examples and an OpenAPI path for /api/hardening/generate. It does not instruct the agent to read filesystem paths, environment variables, or other unrelated system state, nor to send data to any concrete external URL. The instructions stay within the stated purpose of generating hardening configs and recommendations.
Install Mechanism
No install spec and no code files are present (instruction-only skill). Nothing is written to disk or downloaded by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is coherent if the skill purely generates content locally. However, because the SKILL.md references ToolWeb.in and pricing plans (implying a remote service), the absence of any declared API key/credential is notable and should be clarified before use.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated platform privileges and does not modify other skills or system-wide agent settings.
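How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install toolweb-kubernetes-hardening
  3. Once installed, invoke the Skill by name or trigger it with /toolweb-kubernetes-hardening
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history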
v1.0.0
Initial release of the Kubernetes Hardening Tool API:

  • Generates tailored security hardening recommendations and Kubernetes configurations based on user-specified options.
  • Supports categories: RBAC, network policies, pod security, and audit logging.
  • Integrates with CI/CD, IaC workflows, and security compliance frameworks.
  • Provides detailed API documentation, usage examples, and sample request/response payloads.
  • Includes tiered pricing plans for Free, Developer, Professional, and Enterprise users.
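Metadata
Slug toolweb-kubernetes-hardening
Version 1.0.0
License MIT-0
Total installs 1
Current installs 0
Version count 1
FAQ

What is Kubernetes Hardening?

Generates security hardening recommendations and configurations for Kubernetes clusters based on specified hardening options. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 188 total downloads so far.

How do I install Kubernetes Hardening?

Run the command "/install toolweb-kubernetes-hardening" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is Kubernetes Hardening free?

Yes, Kubernetes Hardening is completely free; it uses the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Kubernetes Hardening support?

Kubernetes Hardening runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Kubernetes Hardening?

Developed and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.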
