skills-firewall
Security firewall for skills that automatically blocks and filters malicious or potentially harmful skills. Use when: (1) Scanning skills for security threats. (2) Checking if a skill is safe to use. (3) Filtering multiple skills based on security rules. (4) Generating security reports for skills. (5) Managing allowed/blocked skill lists. (6) Reviewing skills before installation or execution.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/huzibbs/skills-firewallSkills Firewall
A security firewall that automatically blocks and filters malicious or potentially harmful skills by analyzing code patterns, detecting security threats, and enforcing security policies.
Quick Start
Scan a Single Skill
python scripts/scan_skill.py /path/to/skill
Check Firewall Decision
python scripts/firewall_check.py /path/to/skill
Generate Security Report
python scripts/generate_report.py /path/to/skills --format text
Core Workflows
1. Security Scanning
Scan skills for potential security threats:
# Scan single skill
python scripts/scan_skill.py ./my-skill
# Scan all skills in directory
python scripts/scan_skill.py ./skills
# JSON output for automation
python scripts/scan_skill.py ./my-skill --json
Threat Levels:
SAFE- No security concernsLOW- Minor concerns, generally safeMEDIUM- Moderate concerns, review recommendedHIGH- Significant risks, blocking recommendedCRITICAL- Severe threats, must block
2. Firewall Filtering
Check and filter skills based on security rules:
# Check single skill
python scripts/firewall_check.py ./my-skill
# Filter all skills
python scripts/firewall_check.py ./skills
# Add to allowed list
python scripts/firewall_check.py ./my-skill --allow
# Add to blocked list
python scripts/firewall_check.py ./my-skill --block
Actions:
allow- Skill passes firewallwarn- Skill has warnings but allowedblock- Skill is blockedquarantine- Skill isolated for review
3. Security Reports
Generate comprehensive security reports:
# Text report
python scripts/generate_report.py ./skills
# JSON report
python scripts/generate_report.py ./skills --format json
# HTML report
python scripts/generate_report.py ./skills --format html --output report.html
Detection Categories
The firewall detects threats in these categories:
| Category | Examples | Severity |
|---|---|---|
| Code Injection | eval(), exec(), import() | HIGH |
| Command Execution | subprocess shell=True, os.system() | HIGH |
| Credential Exposure | Hardcoded passwords, API keys | CRITICAL |
| Network Communication | HTTP requests, socket connections | MEDIUM |
| File Operations | File deletion, modification | MEDIUM |
| Deserialization | pickle.loads, unsafe yaml.load | HIGH |
| Privilege Escalation | sudo, chmod 777 | HIGH |
| Obfuscation | Base64 decoding, encoding | LOW |
Configuration
Export/Import Config
# Export current config
python scripts/firewall_check.py ./skills --export-config firewall.yaml
# Use custom config
python scripts/firewall_check.py ./skills --config firewall.yaml
Config File Format
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-huzibbs-skills-firewall": {
"enabled": true,
"auto_update": true
}
}
}