DNYoussef/.claude/skills/specialized-tools/when-setting-network-security-use-network-security-setup
.claude/skills/specialized-tools/when-setting-network-security-use-network-security-setup/SKILL.md
# Network Security Setup SOP ```yaml metadata: skill_name: when-setting-network-security-use-network-security-setup version: 1.0.0 category: specialized-tools difficulty: intermediate estimated_duration: 25-45 minutes trigger_patterns: - "network security" - "configure network isolation" - "trusted domains" - "firewall rules" - "network access control" dependencies: - Claude Code sandbox - Network configuration access agents: - security-manager
$ install --global
skillsauthnpx skillsauth add DNYoussef/ai-chrome-extension .claude/skills/specialized-tools/when-setting-network-security-use-network-security-setupInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 12:29 PM102.1s3 files scanned
SKILL.md
Network Security Setup SOP
metadata:
skill_name: when-setting-network-security-use-network-security-setup
version: 1.0.0
category: specialized-tools
difficulty: intermediate
estimated_duration: 25-45 minutes
trigger_patterns:
- "network security"
- "configure network isolation"
- "trusted domains"
- "firewall rules"
- "network access control"
dependencies:
- Claude Code sandbox
- Network configuration access
agents:
- security-manager
- cicd-engineer
success_criteria:
- Trusted domains configured
- Access policies implemented
- Environment variables set
- Network tests passing
- Documentation complete
Overview
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
Agent Responsibilities
security-manager
- Design network security architecture
- Define trusted domains and policies
- Validate security configurations
- Create security documentation
cicd-engineer
- Implement network configurations
- Deploy firewall rules
- Setup environment variables
- Create monitoring tools
Phase 1: Audit Network Requirements
Identify required network access, external dependencies, and security constraints.
mkdir -p network-security/{policies,config,tests,docs}
# Document network requirements
cat > network-security/docs/NETWORK-REQUIREMENTS.md << 'EOF'
# Network Access Requirements
## External Dependencies
- Anthropic API (api.anthropic.com)
- GitHub (github.com, *.github.com)
- NPM Registry (npmjs.org)
- PyPI (pypi.org)
- Docker Hub (docker.io)
## Required Ports
- Outbound: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- Inbound: 3000, 5000, 8000, 8080 (Application)
## Protocols
- Allowed: HTTP/HTTPS, SSH, Git
- Blocked: FTP, Telnet, SMTP
## Rate Limits
- 100 requests/minute
- Burst: 150 requests
EOF
Phase 2: Design Security Policies
Create comprehensive network security policies with allow/deny rules.
cat > network-security/policies/network-policy.json << 'EOF'
{
"network_security": {
"mode": "whitelist",
"trusted_domains": [
"*.anthropic.com",
"api.openai.com",
"github.com",
"*.github.com",
"raw.githubusercontent.com",
"npmjs.org",
"registry.npmjs.org",
"pypi.org",
"files.pythonhosted.org",
"docker.io",
"registry-1.docker.io"
],
"blocked_domains": [
"*.malicious.com",
"suspicious.net"
],
"allowed_ports": {
"outbound": [80, 443, 22],
"inbound": [3000, 5000, 8000, 8080]
},
"rate_limiting": {
"enabled": true,
"requests_per_minute": 100,
"burst": 150
},
"dns_filtering": {
"enabled": true,
"block_private_ips": true,
"block_localhost_bypass": true
}
}
}
EOF
Phase 3: Implement Network Isolation
Deploy firewall rules, DNS filtering, and access controls.
cat > network-security/config/configure-network.sh << 'EOF'
#!/bin/bash
set -e
echo "Configuring network security..."
# Configure firewall (iptables)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
# DNS filtering
cat >> /etc/hosts << 'HOSTS'
127.0.0.1 malicious.com
127.0.0.1 suspicious.net
HOSTS
# Environment variables
cat > /etc/environment.d/network-security.conf << 'ENV'
HTTPS_PROXY=""
NO_PROXY="localhost,127.0.0.1"
TRUSTED_DOMAINS="anthropic.com,github.com,npmjs.org,pypi.org,docker.io"
ENV
echo "Network security configured"
EOF
chmod +x network-security/config/configure-network.sh
Phase 4: Test Access Controls
Validate network policies through comprehensive testing.
cat > network-security/tests/network-tests.sh << 'EOF'
#!/bin/bash
echo "Testing Network Security..."
# Test trusted domain access
curl -s --max-time 5 https://api.anthropic.com && echo "✓ Trusted domain accessible"
# Test blocked domain
! curl -s --max-time 5 https://malicious.com && echo "✓ Blocked domain inaccessible"
# Test allowed ports
nc -zv localhost 3000 && echo "✓ Port 3000 accessible"
echo "Network tests complete"
EOF
chmod +x network-security/tests/network-tests.sh
Phase 5: Document Configuration
Create comprehensive documentation for network security setup.
cat > network-security/docs/DEPLOYMENT.md << 'EOF'
# Network Security Deployment
## Quick Start
1. Review requirements
2. Deploy configuration: `./network-security/config/configure-network.sh`
3. Test policies: `./network-security/tests/network-tests.sh`
4. Monitor: Check logs for violations
## Trusted Domains
- Anthropic API
- GitHub
- NPM/PyPI
- Docker Hub
## Monitoring
- Connection logs: `/var/log/connections.log`
- Firewall logs: `/var/log/firewall.log`
- DNS queries: `/var/log/dns.log`
## Maintenance
- Review monthly
- Update trusted domains as needed
- Audit logs weekly
EOF
Workflow Summary
Duration: 25-45 minutes
Deliverables:
- Network security policies
- Firewall configuration
- DNS filtering
- Test suite
- Documentation
Best Practices
- Whitelist Approach: Deny by default
- Least Privilege: Minimal access
- Regular Testing: Weekly validation
- Continuous Monitoring: Real-time logs
- Documentation: Keep updated
Related Skills
DNYoussef/Verification & Quality Assurance
development
VerifiedTrustedCommunity
Comprehensive truth scoring, code quality verification, and automatic rollback system with 0.95 accuracy threshold for ensuring high-quality agent outputs and codebase reliability.
3SKILL.mdUpdated Apr 17, 2026
DNYoussef/when-optimizing-prompts-use-prompt-architect
development
VerifiedTrustedCommunity
Comprehensive framework for analyzing, creating, and refining prompts for AI systems using evidence-based techniques
3SKILL.mdUpdated Apr 17, 2026
DNYoussef/when-optimizing-agent-learning-use-reasoningbank-intelligence
data-ai
VerifiedTrustedCommunity
Implement adaptive learning with ReasoningBank for pattern recognition, strategy optimization, and continuous improvement
3SKILL.mdUpdated Apr 17, 2026
DNYoussef/when-creating-skill-template-use-skill-builder
development
VerifiedTrustedCommunity
Create new Claude Code Skills with proper YAML frontmatter, progressive disclosure structure, and complete directory organization
3SKILL.mdUpdated Apr 17, 2026