404kidwiz/powershell-security-hardening
powershell-security-hardening-skill/SKILL.md
Expert in Windows security hardening and PowerShell security configuration. Specializes in securing automation, enforcing least privilege, and aligning with enterprise security baselines. Use for securing PowerShell environments and Windows systems. Triggers include "PowerShell security", "constrained language mode", "JEA", "execution policy", "security baseline", "PowerShell logging".
$ install --global
skillsauthnpx skillsauth add 404kidwiz/claude-supercode-skills powershell-security-hardeningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Error
VirusTotalMulti-engine malware detection
70%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 25, 2026, 6:01 PM43.8s8 files scanned
SKILL.md
- name:
- powershell-security-hardening
- description:
- Expert in Windows security hardening and PowerShell security configuration. Specializes in securing automation, enforcing least privilege, and aligning with enterprise security baselines. Use for securing PowerShell environments and Windows systems. Triggers include "PowerShell security", "constrained language mode", "JEA", "execution policy", "security baseline", "PowerShell logging".
PowerShell Security Hardening
Purpose
Provides expertise in Windows security hardening and PowerShell security configuration. Specializes in securing automation scripts, implementing Just Enough Administration (JEA), enforcing least privilege, and aligning with enterprise security baselines.
When to Use
- Configuring PowerShell security policies
- Implementing Constrained Language Mode
- Setting up Just Enough Administration (JEA)
- Enabling PowerShell logging and auditing
- Securing automation credentials
- Applying CIS/STIG baselines
- Protecting against PowerShell attacks
- Implementing execution policies
Quick Start
Invoke this skill when:
- Hardening PowerShell environments
- Implementing JEA or constrained language mode
- Configuring PowerShell logging
- Securing automation credentials
- Applying security baselines
Do NOT invoke when:
- General Windows administration → use
/windows-infra-admin - PowerShell development → use
/powershell-7-expert - Active Directory security → use
/ad-security-reviewer - Network security → use
/network-engineer
Decision Framework
Security Requirement?
├── Script Execution Control
│ ├── Basic → Execution Policy
│ └── Strict → AppLocker/WDAC
├── Language Restriction
│ └── Constrained Language Mode
├── Privilege Reduction
│ └── JEA (Just Enough Administration)
└── Auditing
└── Script Block Logging + Transcription
Core Workflows
1. PowerShell Logging Setup
- Enable Script Block Logging via GPO
- Enable Module Logging for key modules
- Configure transcription to secure location
- Set up protected event log forwarding
- Create alerts for suspicious patterns
- Test logging with sample scripts
2. JEA Configuration
- Define role capabilities file
- Specify allowed cmdlets and parameters
- Create session configuration
- Register JEA endpoint
- Test with limited user account
- Document role assignments
3. Constrained Language Mode
- Assess application requirements
- Create AppLocker/WDAC policy
- Enable CLM for untrusted scripts
- Whitelist required scripts
- Test application functionality
- Monitor for bypass attempts
Best Practices
- Enable script block logging on all systems
- Use JEA instead of full admin rights
- Store credentials in secure vault (not scripts)
- Apply AMSI for malware detection
- Use signed scripts with AllSigned policy
- Regularly audit PowerShell usage logs
Anti-Patterns
| Anti-Pattern | Problem | Correct Approach | |--------------|---------|------------------| | Credentials in scripts | Exposure risk | SecretManagement vault | | Disabled logging | No visibility | Enable all logging | | Bypass execution policy | Security theater | AppLocker/WDAC | | Full admin for automation | Over-privileged | JEA with minimal rights | | Ignoring AMSI | Malware blind spot | Keep AMSI enabled |
Related Skills
404kidwiz/xlsx
development
VerifiedTrustedCommunity
Expert in automating Excel workflows using Node.js (ExcelJS, SheetJS) and Python (pandas, openpyxl).
63SKILL.mdUpdated Mar 25, 2026
404kidwiz/workflow-orchestrator
content-media
VerifiedTrustedCommunity
Expert in designing durable, scalable workflow systems using Temporal, Camunda, and Event-Driven Architectures.
63SKILL.mdUpdated Mar 25, 2026
404kidwiz/wordpress-master
tools
VerifiedTrustedCommunity
Use when user needs WordPress development, theme or plugin creation, site optimization, security hardening, multisite management, or scaling WordPress from small sites to enterprise platforms.
63SKILL.mdUpdated Mar 25, 2026
404kidwiz/windows-infra-admin
tools
VerifiedTrustedCommunity
Expert in Windows Server, Active Directory (AD DS), Hybrid Identity (Entra ID), and PowerShell automation.
63SKILL.mdUpdated Mar 25, 2026