
skills-firewall

Security firewall for skills that automatically blocks and filters malicious or potentially harmful skills. Use when: (1) Scanning skills for security threat...
huzibbs
Security & Compliance clawhub v1.0.0 1 version 100000 Key: not required
★ 0 Stars
📥 592 Downloads
💾 7 Installs
1 Version
#latest

Overview

Skills Firewall

A security firewall that automatically blocks and filters malicious or potentially harmful skills by analyzing code patterns, detecting security threats, and enforcing security policies.

Quick Start

Scan a Single Skill

python scripts/scan_skill.py /path/to/skill

Check Firewall Decision

python scripts/firewall_check.py /path/to/skill

Generate Security Report

python scripts/generate_report.py /path/to/skills --format text

Core Workflows

1. Security Scanning

Scan skills for potential security threats:

# Scan single skill
python scripts/scan_skill.py ./my-skill

# Scan all skills in directory
python scripts/scan_skill.py ./skills

# JSON output for automation
python scripts/scan_skill.py ./my-skill --json

Threat Levels:

  • SAFE - No security concerns
  • LOW - Minor concerns, generally safe
  • MEDIUM - Moderate concerns, review recommended
  • HIGH - Significant risks, blocking recommended
  • CRITICAL - Severe threats, must block

2. Firewall Filtering

Check and filter skills based on security rules:

# Check single skill
python scripts/firewall_check.py ./my-skill

# Filter all skills
python scripts/firewall_check.py ./skills

# Add to allowed list
python scripts/firewall_check.py ./my-skill --allow

# Add to blocked list
python scripts/firewall_check.py ./my-skill --block

Actions:

  • allow - Skill passes firewall
  • warn - Skill has warnings but is allowed
  • block - Skill is blocked
  • quarantine - Skill isolated for review

3. Security Reports

Generate comprehensive security reports:

# Text report
python scripts/generate_report.py ./skills

# JSON report
python scripts/generate_report.py ./skills --format json

# HTML report
python scripts/generate_report.py ./skills --format html --output report.html

Detection Categories

The firewall detects threats in these categories:

| Category | Examples | Severity |
|---|---|---|
| Code Injection | eval(), exec(), __import__() | HIGH |
| Command Execution | subprocess shell=True, os.system() | HIGH |
| Credential Exposure | Hardcoded passwords, API keys | CRITICAL |
| Network Communication | HTTP requests, socket connections | MEDIUM |
| File Operations | File deletion, modification | MEDIUM |
| Deserialization | pickle.loads, unsafe yaml.load | HIGH |
| Privilege Escalation | sudo, chmod 777 | HIGH |
| Obfuscation | Base64 decoding, encoding | LOW |

Configuration

Export/Import Config

# Export current config
python scripts/firewall_check.py ./skills --export-config firewall.yaml

# Use custom config
python scripts/firewall_check.py ./skills --config firewall.yaml

Config File Format

default_action: warn
allowed_skills:
  - skill-creator
  - weather
blocked_skills:
  - malicious-skill
quarantine_dir: ./quarantine
rules:
  - name: block_eval
    description: Block eval() usage
    patterns:
      - "eval("
    action: block
    enabled: true
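
The following is an added example, not the project's scan_skill.py or firewall_check.py: it compares a plain substring match on the "eval(" pattern from the config above with an AST walk that reports only real call sites, using severities from the Detection Categories table. How the firewall actually matches patterns is not stated on this page; the function names, the call-to-category mapping and the sample source are assumptions of this example.

```python
import ast

# Severities come from the Detection Categories table; which calls map to
# each category is this example's assumption, not the project's rule set.
RULES = {
    "eval": ("Code Injection", "HIGH"),
    "exec": ("Code Injection", "HIGH"),
    "__import__": ("Code Injection", "HIGH"),
    "os.system": ("Command Execution", "HIGH"),
    "pickle.loads": ("Deserialization", "HIGH"),
}
ORDER = ["SAFE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample skill source, not taken from any real skill.
SAMPLE = '''\
import ast, os, subprocess
# eval( appears only in this comment
cfg = ast.literal_eval("{'a': 1}")
os.system("ls")
subprocess.run(["ls", "-l"])
subprocess.run("ls -l", shell=True)
'''

def substring_hits(source, pattern="eval("):
    """Line numbers where a plain substring match on the pattern fires."""
    return [n for n, line in enumerate(source.splitlines(), 1) if pattern in line]

def is_shell_true(call):
    """True when the call passes the literal keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)

def scan_source(source):
    """Return sorted (line, call, category, severity) for real call sites."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = ast.unparse(node.func)  # e.g. "os.system"; needs Python 3.9+
        if name in RULES:
            findings.append((node.lineno, name, *RULES[name]))
        elif name.startswith("subprocess.") and is_shell_true(node):
            findings.append((node.lineno, name + " shell=True", "Command Execution", "HIGH"))
    return sorted(findings)

def threat_level(findings):
    """Highest severity among the findings, SAFE when there are none."""
    return max((f[3] for f in findings), key=ORDER.index, default="SAFE")
```

On the sample, the substring rule fires on the comment and on ast.literal_eval, while the AST walk reports the os.system call and the subprocess call with shell=True.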

Reference Documentation

Programmatic Usage

from scan_skill import scan_skill, ThreatLevel
from firewall_check import SkillsFirewall, ActionType

# Scan a skill
result = scan_skill("/path/to/skill")
print(f"Threat Level: {result.threat_level}")
print(f"Is Safe: {result.is_safe}")

# Use firewall
firewall = SkillsFirewall()
decision = firewall.check_skill("/path/to/skill")
print(f"Action: {decision.action}")
print(f"Reason: {decision.reason}")

# Manage lists
firewall.add_allowed_skill("trusted-skill")
firewall.add_blocked_skill("malicious-skill")

# Create custom rule
firewall.create_rule(
    name="block_custom_pattern",
    description="Block custom dangerous pattern",
    patterns=["dangerous_function("],
    action=ActionType.BLOCK
)

Best Practices

  1. Scan Before Use: Always scan new skills before installation
  2. Review Warnings: Investigate warning-level findings
  3. Update Rules: Keep detection patterns current
  4. Document Exceptions: Record why skills are allowed/blocked
  5. Regular Audits: Run periodic security scans
  6. Use Reports: Generate reports for compliance and review

Version History

1 version in total

  • v1.0.0 (current)
    2026-03-30 07:42 Safe Safe

Security Scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
