automateyournetwork/meraki-security-appliance
workspace/skills/meraki-security-appliance/SKILL.md
Cisco Meraki Security Appliance (MX) — firewall rules, site-to-site VPN, content filtering, traffic shaping, security events. Use when auditing Meraki MX firewall rules, troubleshooting site-to-site VPN tunnels, managing content filtering, or investigating Meraki security events and IDS alerts
$ install --global
skillsauthnpx skillsauth add automateyournetwork/netclaw meraki-security-applianceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 10:34 PM3.7s1 file scanned
SKILL.md
- name:
- meraki-security-appliance
- description:
- Cisco Meraki Security Appliance (MX) — firewall rules, site-to-site VPN, content filtering, traffic shaping, security events. Use when auditing Meraki MX firewall rules, troubleshooting site-to-site VPN tunnels, managing content filtering, or investigating Meraki security events and IDS alerts
- version:
- 1.0.0
- license:
- Apache-2.0
- tags:
- [cisco, meraki, mx, firewall, vpn, security, content-filtering, traffic-shaping]
Meraki Security Appliance (MX) Operations
MCP Server
- Repository: CiscoDevNet/meraki-magic-mcp-community
- Transport: stdio (Python via FastMCP) or HTTP
- Requires:
MERAKI_API_KEY,MERAKI_ORG_ID
Key Capabilities
| Operation | API Method | What It Does |
|-----------|-----------|--------------|
| Security center | getNetworkSecurityCenter | Security overview: threat score, events, top threats |
| VPN status | getNetworkVpnStatus | VPN peer connectivity status |
| Firewall rules | getNetworkSecurityFirewallRules | L3 outbound firewall rules |
| Update firewall | updateNetworkSecurityFirewallRules | [WRITE] Modify L3 firewall rules |
| Site-to-site VPN | getNetworkSecurityVpnSiteToSite | VPN mode (hub/spoke/none), hubs, subnets |
| Update VPN | updateNetworkSecurityVpnSiteToSite | [WRITE] Modify VPN configuration |
| Content filtering | getNetworkSecurityContentFiltering | URL categories, blocked URLs, allowed URLs |
| Update filtering | updateNetworkSecurityContentFiltering | [WRITE] Modify blocked/allowed URL lists and categories |
| Security events | getNetworkSecuritySecurityEvents | IDS/IPS events, malware, C2 callbacks |
| Traffic shaping | getNetworkSecurityTrafficShaping | Global bandwidth limits, per-rule shaping |
| Update shaping | updateNetworkSecurityTrafficShaping | [WRITE] Modify bandwidth limits and shaping rules |
Workflow: Firewall Rule Audit
When a user asks "show me the firewall rules on the branch MX":
- Find network:
getNetworks(meraki-network-ops) for the branch network - Firewall rules:
getNetworkSecurityFirewallRules— all L3 outbound rules - Analyze: check for overly permissive rules (any/any/any allow), shadowed rules, unused rules
- Content filtering:
getNetworkSecurityContentFiltering— URL category blocks - Security events:
getNetworkSecuritySecurityEvents— recent IDS/IPS hits - Report: rule table with security assessment and recommendations
Workflow: VPN Connectivity Troubleshooting
When investigating "VPN tunnel to HQ is down":
- VPN status:
getNetworkVpnStatus— tunnel state for all peers - VPN config:
getNetworkSecurityVpnSiteToSite— mode, hubs, subnets - Device status:
getDeviceStatus(meraki-network-ops) — is the MX online? - Uplinks:
getDeviceUplink— WAN link status (is ISP up?) - Security events:
getNetworkSecuritySecurityEvents— VPN-related errors - Report: root cause analysis (ISP outage, config mismatch, peer down)
Workflow: Content Filtering Review
When auditing web content filtering:
- Current config:
getNetworkSecurityContentFiltering— blocked categories, blocked/allowed URLs - Security events:
getNetworkSecuritySecurityEvents— users hitting blocked content - Compare across sites: check filtering consistency across networks
- Recommendations: tighten categories, add specific URL blocks/allows
- Apply:
updateNetworkSecurityContentFiltering— requires ServiceNow CR
Workflow: Security Event Investigation
When responding to a security alert:
- Security events:
getNetworkSecuritySecurityEvents— IDS/IPS detections, malware, C2 - Client details:
getClientDetails(meraki-network-ops) for involved endpoints - Firewall rules:
getNetworkSecurityFirewallRules— is the threat being blocked? - Content filtering: check if malicious domains are in the block list
- Containment:
updateClientPolicyto quarantine the endpoint — requires human approval - ServiceNow: create Security Incident
- Report: incident summary with timeline, IOCs, containment actions
Integration with Other Skills
| Skill | How They Work Together |
|-------|----------------------|
| meraki-network-ops | Network/device context for MX operations |
| meraki-monitoring | Live diagnostics on MX appliances |
| fmc-firewall-ops | Cross-platform firewall audit: Meraki MX rules vs Cisco FTD rules |
| aws-network-ops | Hybrid security: Meraki MX on-prem + AWS Network Firewall cloud |
| ise-posture-audit | Meraki client policies + ISE posture for unified access control |
| servicenow-change-workflow | Gate all firewall, VPN, and content filtering changes |
| gait-session-tracking | Record all security investigations and rule changes |
Important Rules
- Firewall rule changes affect all traffic — modifying L3 rules can break connectivity for the entire site
- VPN configuration changes can disrupt inter-site connectivity — always verify tunnel state after changes
- Content filtering affects user experience — coordinate with help desk before blocking new categories
- Security events require investigation — IDS/IPS alerts should be triaged, not ignored
- ServiceNow CR required for all firewall rule, VPN, content filtering, and traffic shaping changes
- Record in GAIT — log all security appliance audits, investigations, and changes
Environment Variables
MERAKI_API_KEY— Meraki Dashboard API keyMERAKI_ORG_ID— Meraki organization ID
Related Skills
automateyournetwork/humanrail-escalation
testing
VerifiedTrustedCommunity
Human-in-the-loop escalation via HumanRail — route low-confidence agent decisions, pre-destructive operation approvals, and ambiguous incident tickets to real human engineers. Human answers are verified and returned as structured output. Workers are paid via Lightning Network. Use when the agent is uncertain, when a destructive change needs explicit human sign-off beyond a ServiceNow CR, or when an ambiguous ticket requires human triage before automated handling.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-node-operations
testing
VerifiedTrustedCommunity
Manage EVE-NG node lifecycle. Use when listing nodes, checking runtime state, creating or deleting nodes, starting or stopping nodes or whole labs, verifying node details, or wiping node NVRAM back to factory defaults.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-lab-management
development
VerifiedTrustedCommunity
Manage EVE-NG labs and platform inventory. Use when listing labs, checking lab metadata, creating or deleting labs, importing or exporting lab archives, checking EVE-NG health or auth, or verifying available node images before build work.
491SKILL.mdUpdated May 12, 2026
automateyournetwork/eve-ng-console-ops
tools
VerifiedTrustedCommunity
Execute live CLI commands on running EVE-NG nodes over telnet console. Use when running show commands, making live config changes, verifying protocol state, testing connectivity, checking console readiness, or interacting with IOS, Junos, VPCS, EOS, or NX-OS nodes.
491SKILL.mdUpdated May 12, 2026