skills/dnyoussef/when-setting-network-security-use-network-security-setup/SKILL.md
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
`npx skillsauth add aiskillstore/marketplace when-setting-network-security-use-network-security-setup`

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
```yaml
metadata:
  skill_name: when-setting-network-security-use-network-security-setup
  version: 1.0.0
  category: specialized-tools
  difficulty: intermediate
  estimated_duration: 25-45 minutes
  trigger_patterns:
    - "network security"
    - "configure network isolation"
    - "trusted domains"
    - "firewall rules"
    - "network access control"
  dependencies:
    - Claude Code sandbox
    - Network configuration access
  agents:
    - security-manager
    - cicd-engineer
  success_criteria:
    - Trusted domains configured
    - Access policies implemented
    - Environment variables set
    - Network tests passing
    - Documentation complete
```
Identify required network access, external dependencies, and security constraints.
```bash
mkdir -p network-security/{policies,config,tests,docs}

# Document network requirements
cat > network-security/docs/NETWORK-REQUIREMENTS.md << 'EOF'
# Network Access Requirements

## External Dependencies
- Anthropic API (api.anthropic.com)
- GitHub (github.com, *.github.com)
- NPM Registry (npmjs.org)
- PyPI (pypi.org)
- Docker Hub (docker.io)

## Required Ports
- Outbound: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- Inbound: 3000, 5000, 8000, 8080 (Application)

## Protocols
- Allowed: HTTP/HTTPS, SSH, Git
- Blocked: FTP, Telnet, SMTP

## Rate Limits
- 100 requests/minute
- Burst: 150 requests
EOF
```
Create comprehensive network security policies with allow/deny rules.
```bash
cat > network-security/policies/network-policy.json << 'EOF'
{
  "network_security": {
    "mode": "whitelist",
    "trusted_domains": [
      "*.anthropic.com",
      "api.openai.com",
      "github.com",
      "*.github.com",
      "raw.githubusercontent.com",
      "npmjs.org",
      "registry.npmjs.org",
      "pypi.org",
      "files.pythonhosted.org",
      "docker.io",
      "registry-1.docker.io"
    ],
    "blocked_domains": [
      "*.malicious.com",
      "suspicious.net"
    ],
    "allowed_ports": {
      "outbound": [80, 443, 22],
      "inbound": [3000, 5000, 8000, 8080]
    },
    "rate_limiting": {
      "enabled": true,
      "requests_per_minute": 100,
      "burst": 150
    },
    "dns_filtering": {
      "enabled": true,
      "block_private_ips": true,
      "block_localhost_bypass": true
    }
  }
}
EOF
```
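The policy file does not say how a consumer should match `trusted_domains` patterns or apply `block_private_ips`. The following is an added example, not part of the original skill, showing one way to evaluate a destination host against it. The `decide`, `matches` and `is_internal_ip` helpers are hypothetical, and the matching semantics (wildcards cover subdomains only, block list wins, IP literals in internal ranges are refused) are assumptions.

```python
import ipaddress
import json

# Constructed excerpt of network-policy.json from the step above
POLICY = json.loads("""
{"network_security": {
  "mode": "whitelist",
  "trusted_domains": ["*.anthropic.com", "github.com", "*.github.com", "registry.npmjs.org"],
  "blocked_domains": ["*.malicious.com", "suspicious.net"],
  "dns_filtering": {"block_private_ips": true}
}}
""")["network_security"]


def matches(host, pattern):
    """Match on whole DNS labels; '*.example.com' covers subdomains only."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # suffix keeps the leading dot
    return host == pattern


def is_internal_ip(host):
    """True for IP literals in private, loopback or link-local ranges."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # not an IP literal
    return ip.is_private or ip.is_loopback or ip.is_link_local


def decide(host, policy=POLICY):
    """Return 'allow' or 'deny' for a destination host (hypothetical helper)."""
    host = host.lower().rstrip(".")  # normalise case and the trailing root dot
    if policy["dns_filtering"]["block_private_ips"] and is_internal_ip(host):
        return "deny"
    if any(matches(host, p) for p in policy["blocked_domains"]):
        return "deny"
    if any(matches(host, p) for p in policy["trusted_domains"]):
        return "allow"
    # whitelist mode: anything not explicitly trusted is denied
    return "deny" if policy["mode"] == "whitelist" else "allow"


if __name__ == "__main__":
    for h in ["api.anthropic.com", "GitHub.com.", "evilgithub.com",
              "github.com.evil.net", "anthropic.com", "169.254.169.254"]:
        print(f"{h:24} {decide(h)}")
```

The literal-IP check does not cover a trusted name that resolves to an internal address; apply the same range check to the resolved addresses at connect time.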
Deploy firewall rules, DNS filtering, and access controls.
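```bash
cat > network-security/config/configure-network.sh << 'EOF'
#!/bin/bash
# Must run as root. These rules filter by port only; they do not enforce
# the trusted_domains list from network-policy.json.
set -e
echo "Configuring network security..."

# Configure firewall (iptables): default-deny in both directions
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# Allow loopback and reply traffic for connections that were already permitted
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow DNS lookups so the permitted outbound connections can resolve names
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

# Outbound: HTTPS, HTTP, SSH
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

# Inbound application ports, matching allowed_ports.inbound in the policy
for port in 3000 5000 8000 8080; do
  iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
done

# DNS filtering (/etc/hosts has no wildcard support, so *.malicious.com
# subdomains are not covered by these entries)
cat >> /etc/hosts << 'HOSTS'
127.0.0.1 malicious.com
127.0.0.1 suspicious.net
HOSTS

# Environment variables
mkdir -p /etc/environment.d
cat > /etc/environment.d/network-security.conf << 'ENV'
HTTPS_PROXY=""
NO_PROXY="localhost,127.0.0.1"
TRUSTED_DOMAINS="anthropic.com,github.com,npmjs.org,pypi.org,docker.io"
ENV

echo "Network security configured"
EOF
chmod +x network-security/config/configure-network.sh
```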
Validate network policies through comprehensive testing.
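```bash
cat > network-security/tests/network-tests.sh << 'EOF'
#!/bin/bash
# Exits non-zero if any check fails, so the result can gate a pipeline
fail=0
echo "Testing Network Security..."

# Test trusted domain access
if curl -s -o /dev/null --max-time 5 https://api.anthropic.com; then
  echo "✓ Trusted domain accessible"
else
  echo "✗ Trusted domain unreachable"; fail=1
fi

# Test blocked domain
if ! curl -s -o /dev/null --max-time 5 https://malicious.com; then
  echo "✓ Blocked domain inaccessible"
else
  echo "✗ Blocked domain reachable"; fail=1
fi

# Test allowed ports (requires a service listening on port 3000)
if nc -zv localhost 3000; then
  echo "✓ Port 3000 accessible"
else
  echo "✗ Port 3000 not accessible"; fail=1
fi

echo "Network tests complete"
exit "$fail"
EOF
chmod +x network-security/tests/network-tests.sh
```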
Create comprehensive documentation for network security setup.
```bash
cat > network-security/docs/DEPLOYMENT.md << 'EOF'
# Network Security Deployment

## Quick Start
1. Review requirements
2. Deploy configuration: `./network-security/config/configure-network.sh`
3. Test policies: `./network-security/tests/network-tests.sh`
4. Monitor: Check logs for violations

## Trusted Domains
- Anthropic API
- GitHub
- NPM/PyPI
- Docker Hub

## Monitoring
- Connection logs: `/var/log/connections.log`
- Firewall logs: `/var/log/firewall.log`
- DNS queries: `/var/log/dns.log`

## Maintenance
- Review monthly
- Update trusted domains as needed
- Audit logs weekly
EOF
```
Duration: 25-45 minutes
Deliverables: