首页龙虾技能列表 › Active Directory Hardening

Active Directory Hardening

v1.0.0

Enterprise-grade API for generating optimized Active Directory security configuration files with hardening best practices.

0· 75·0 当前·0 累计
by @krishnakumarmahadevan-cmd (ToolWeb)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/3/31
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
The skill's description (an external API for generating AD hardening configs) generally matches its contents, but there are gaps and inconsistencies (no server/auth info, unknown source, and it returns deployable PowerShell) that warrant caution before use.
评估建议
This package appears to be an API specification for generating Active Directory hardening configurations, not an implemented client or hosted service. Before installing or using it: 1) Confirm the provider and hosting origin (who operates the API and where it's hosted); the registry metadata lists 'unknown' source and no homepage. 2) Ask for the API base URL and authentication mechanism — a paid API should require credentials (API key/token) which are not declared here. 3) Treat any generated de...
详细分析 ▾
用途与能力
The skill claims to be an 'enterprise-grade API' that generates Active Directory hardening configurations and the SKILL.md/openapi.json describe endpoints and request/response shapes that align with that purpose. However, the package includes no server base URL, no authentication details, and no install/runtime that actually implements a client or server — so the 'API' is only a spec/documentation. The existence of pricing tiers for an external service but no declared credentials is inconsistent with a hosted paid API.
指令范围
The SKILL.md is an API specification and sample requests/responses; it does not instruct the agent to read local files, collect unrelated system data, or exfiltrate secrets. That said, the responses include deployable PowerShell scripts (deploymentScript) which are powerful and can make system changes if executed — the skill provides no safety guidance or sandboxing instructions. Also the SKILL.md does not provide a server 'servers' entry or base URL, so following the endpoints as-is is incomplete.
安装机制
This is an instruction-only skill with no install spec and no code files to execute. That minimizes on-disk installation risk. There are no downloads, extracted archives, or third-party packages declared.
凭证需求
The skill declares no required environment variables or credentials. For a documented paid API with pricing tiers, you'd normally expect at least an API key or token to be required; the absence of any auth declaration is inconsistent and could mean the spec is incomplete or the skill expects the agent to produce configs locally. No credentials are requested, so there's no obvious secret-exfiltration vector in the skill metadata, but lack of auth details is a red flag for practical usage.
持久化与权限
The skill does not request always:true and makes no claims about modifying other skills or system-wide agent settings. It is user-invocable and allows autonomous invocation (default), which is normal for skills.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/31

Initial release: Enterprise-grade API for Active Directory hardening - Automates generation of optimized AD security configuration files based on best practices and CISSP standards. - Provides endpoints to generate configurations, list available hardening options, and perform health checks. - Supports flexible hardening options including password policies, account lockout, Kerberos, and group policy. - Returns deployable configuration files, PowerShell deployment scripts, and detailed audit logs. - Includes multiple pricing tiers with free and paid usage plans.

● 无害

安装命令 点击复制

官方npx clawhub@latest install toolweb-active-directory-hardening
镜像加速npx clawhub@latest install toolweb-active-directory-hardening --registry https://cn.clawhub-mirror.com

技能文档

The Active Directory Hardening Tool is an enterprise-grade security API designed to generate comprehensive Active Directory (AD) hardening configuration files based on industry best practices and CISSP-aligned security standards. This tool automates the complex process of configuring AD security settings, reducing manual configuration errors and ensuring consistent security posture across AD environments.

Organizations managing large-scale Active Directory deployments require robust security configurations to protect against lateral movement, privilege escalation, and unauthorized access. This tool streamlines the generation of hardening configurations by accepting flexible hardening options and producing deployment-ready configuration files. It is ideal for security architects, system administrators, and organizations undergoing AD security assessments or compliance initiatives.

The API provides enumeration of available hardening options, allowing teams to understand all supported configurations before generating customized hardening profiles. This enables organizations to tailor security configurations to their specific risk profiles and operational requirements.

# Usage

Sample Request

Generate an AD hardening configuration with multiple security options:

{
  "sessionId": "sess_abc123def456",
  "userId": 12345,
  "timestamp": "2025-01-15T10:30:00Z",
  "hardeningOptions": {
    "passwordPolicy": ["enforceComplexity", "minLength14", "historyCount24"],
    "accountLockout": ["threshold5", "duration30minutes", "resetCounterAfter30"],
    "kerberosHardening": ["enableAESEncryption", "disableRC4", "setMaxTicketLifetime"],
    "groupPolicy": ["enableAudit", "disableAnonymousAccess", "restrictNetworkAccess"]
  }
}

Sample Response

{
  "status": "success",
  "configurationId": "config_xyz789uvw",
  "timestamp": "2025-01-15T10:30:15Z",
  "configurations": {
    "passwordPolicy": {
      "enforceComplexity": true,
      "minimumLength": 14,
      "passwordHistoryCount": 24,
      "maximumPasswordAge": 90
    },
    "accountLockout": {
      "lockoutThreshold": 5,
      "lockoutDuration": 30,
      "resetCounterAfterMinutes": 30
    },
    "kerberosHardening": {
      "encryptionTypes": ["AES256", "AES128"],
      "disabledEncryption": ["RC4"],
      "maxTicketLifetimeHours": 10
    },
    "groupPolicy": {
      "auditingEnabled": true,
      "anonymousAccessDisabled": true,
      "networkAccessRestricted": true
    }
  },
  "deploymentScript": "powershell_script_content_here",
  "auditLog": {
    "requestId": "req_123456",
    "userId": 12345,
    "action": "AD_HARDENING_GENERATED",
    "timestamp": "2025-01-15T10:30:15Z"
  }
}

# Endpoints

GET /

Health Check Endpoint

Verifies API availability and returns service status.

Method: GET Path: /

Parameters: None

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Service status object confirming API health

POST /api/ad-hardening/generate

Generate AD Hardening Configuration

Generates enterprise-ready Active Directory hardening configuration files based on specified security options. Returns deployable configurations and scripts.

Method: POST Path: /api/ad-hardening/generate

Request Body (application/json):

ParameterTypeRequiredDescription
hardeningOptionsObject (string arrays)YesMap of hardening categories to configuration options. Keys represent hardening domains (e.g., passwordPolicy, accountLockout, kerberosHardening); values are arrays of specific settings to apply.
sessionIdStringYesUnique session identifier for request tracking and audit logging. Used to correlate multiple requests within a session.
userIdInteger \nullNoOptional user identifier for audit trail association. Useful for tracking which user generated the configuration.
timestampStringYesISO 8601 formatted timestamp of request generation. Must be in UTC format (e.g., "2025-01-15T10:30:00Z").
Response:
  • Status Code: 200
  • Content-Type: application/json
  • Body: Configuration object containing hardened AD settings, deployment scripts, and audit trail metadata
  • Status Code: 422 (on validation error)
  • Content-Type: application/json
  • Body: HTTPValidationError object with detailed field-level validation errors

GET /api/ad-hardening/options

Retrieve Available Hardening Options

Enumerates all supported Active Directory hardening options, categories, and their descriptions. Use this endpoint to discover available configurations before generating hardening profiles.

Method: GET Path: /api/ad-hardening/options

Parameters: None

Response:

  • Status Code: 200
  • Content-Type: application/json
  • Body: Object containing hierarchical hardening options with descriptions:
- Available hardening categories (passwordPolicy, accountLockout, kerberosHardening, groupPolicy, etc.) - Supported settings within each category - Parameter descriptions and recommended values - Security impact and compliance mappings

# Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo
# About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

# References

  • Kong Route: https://api.mkkpro.com/hardening/active-directory
  • API Documentation: https://api.mkkpro.com:8127/docs
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务