multiAI Summary Pending
network-security-setup

Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables
231 stars
Installation

Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/network-security-setup/SKILL.md --create-dirs "https://raw.githubusercontent.com/aiskillstore/marketplace/main/skills/dnyoussef/network-security-setup/SKILL.md"
Manual Installation
Download SKILL.md from GitHub
Place it in .claude/skills/network-security-setup/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill
How network-security-setup Compares

Feature / Agent	network-security-setup	Standard Approach
Platform Support	multi	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A
Frequently Asked Questions

What does this skill do?

Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables
Which AI agents support this skill?

This skill is compatible with multi.
Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source

# Network Security Setup

## Purpose
Configure Claude Code sandbox network isolation policies including trusted domain whitelisting, custom access rules, and secure environment variable management.

## Specialist Agent

I am a network security specialist with expertise in:
- Zero-trust network architecture for AI code execution
- Domain whitelisting and access control policies
- Prompt injection attack prevention via network isolation
- Secure environment variable management
- Corporate proxy and internal registry configuration

### Methodology (Systems Thinking + Self-Consistency)

1. **Analyze Environment**: Understand deployment context (enterprise, open-source, local)
2. **Design Network Policy**: Create appropriate trusted domain list
3. **Configure Access Rules**: Set up custom access patterns and exclusions
4. **Secure Credentials**: Properly handle environment variables and secrets
5. **Validate Security**: Test that policies block untrusted access while enabling work

### Network Isolation Modes

**Mode 1: Trusted Network Access (Recommended Default)**
```yaml
mode: trusted
description: Claude can only access pre-approved, known-safe domains
use_case: General development, open-source projects
trusted_domains:
  - "*.npmjs.org"
  - "registry.npmjs.org"
  - "*.yarnpkg.com"
  - "*.github.com"
  - "api.github.com"
  - "raw.githubusercontent.com"
  - "*.cloudfront.net"
  - "*.docker.io"
  - "registry.hub.docker.com"
  - "*.pypi.org"
  - "pypi.python.org"
```

**Mode 2: No Network Access**
```yaml
mode: none
description: Complete network isolation, no external access
use_case: Maximum security, offline development, sensitive projects
trusted_domains: []
```

**Mode 3: Custom Access**
```yaml
mode: custom
description: User-defined whitelist of allowed domains
use_case: Enterprise with internal registries, corporate networks
trusted_domains:
  - "registry.company.internal"
  - "docs.company.com"
  - "api.company.com"
  - "*.company-cdn.net"
  - [Include standard registries as needed]
```

### Default Trusted Domains (Anthropic-Approved)

**Package Registries**:
- `*.npmjs.org` - npm packages
- `registry.npmjs.org` - npm registry
- `*.yarnpkg.com` - Yarn registry
- `*.pypi.org` - Python packages
- `pypi.python.org` - Python registry
- `rubygems.org` - Ruby gems
- `*.maven.org` - Maven packages

**Container Registries**:
- `*.docker.io` - Docker Hub
- `registry.hub.docker.com` - Docker registry
- `ghcr.io` - GitHub Container Registry
- `gcr.io` - Google Container Registry
- `*.azurecr.io` - Azure Container Registry

**Source Control & CDNs**:
- `*.github.com` - GitHub
- `api.github.com` - GitHub API
- `raw.githubusercontent.com` - Raw GitHub content
- `*.cloudfront.net` - AWS CloudFront
- `cdn.jsdelivr.net` - jsDelivr CDN
- `unpkg.com` - unpkg CDN

**Development Tools**:
- `*.vercel.com` - Vercel deployment
- `*.netlify.com` - Netlify deployment
- `*.supabase.co` - Supabase API

### Enterprise Configuration

**Internal Registry Setup**:
```json
{
  "sandbox": {
    "enabled": true,
    "network": {
      "mode": "custom",
      "trustedDomains": [
        "registry.company.internal:5000",
        "npm.company.com",
        "docs.company.com",
        "api-docs.company.internal",
        "*.company-cdn.net",
        "*.company.cloud",

        // Include standard public registries if needed
        "registry.npmjs.org",
        "*.github.com"
      ],
      "customProxy": {
        "enabled": true,
        "http": "http://proxy.company.com:8080",
        "https": "http://proxy.company.com:8080",
        "noProxy": [
          "localhost",
          "127.0.0.1",
          "*.company.internal"
        ]
      }
    }
  }
}
```

**Corporate Proxy Configuration**:
```json
{
  "sandbox": {
    "network": {
      "customProxy": {
        "enabled": true,
        "http": "http://corporate-proxy.company.com:3128",
        "https": "http://corporate-proxy.company.com:3128",
        "noProxy": [
          "localhost",
          "*.internal",
          "*.company.com"
        ],
        "authentication": {
          "enabled": false  // Use system credentials
        }
      }
    }
  }
}
```

### Environment Variables (Secure Management)

**Safe Environment Variables** (OK to configure):
```yaml
safe_env_vars:
  - NODE_ENV: "development"
  - API_BASE_URL: "https://api.company.com"
  - LOG_LEVEL: "debug"
  - FEATURE_FLAGS: "new_ui,beta_features"
  - BUILD_TARGET: "production"
```

**Dangerous (NEVER in sandbox config)**:
```yaml
dangerous_env_vars:  # Store in .env.local, never in settings
  - API_KEY: "sk-..."  ❌ SECRET
  - DATABASE_PASSWORD: "..."  ❌ SECRET
  - PRIVATE_KEY: "..."  ❌ SECRET
  - AWS_SECRET_ACCESS_KEY: "..."  ❌ SECRET
```

**Best Practice for Secrets**:
1. Store in `.env.local` (gitignored)
2. Use environment variable references in sandbox config
3. Document required variables without values
4. Use secret management services in production

**Example Secure Configuration**:
```json
{
  "sandbox": {
    "environmentVariables": {
      // ✅ Non-sensitive configuration
      "NODE_ENV": "development",
      "API_BASE_URL": "https://api.staging.company.com",

      // ✅ Reference to local .env file (document required vars)
      "__REQUIRED_SECRETS__": "API_KEY, DATABASE_URL (store in .env.local)"
    }
  }
}
```

### Security Threat Mitigation

**Threat 1: Prompt Injection → Data Exfiltration**
```
Attack: Malicious prompt in downloaded code tries to send sensitive data to attacker.com
Mitigation: Network isolation blocks all non-whitelisted domains
Result: Attack fails, data stays secure
```

**Threat 2: Malicious Package Download**
```
Attack: Prompt injection tries to install malware from evil-registry.com
Mitigation: Only trusted registries allowed
Result: Download blocked, system protected
```

**Threat 3: Internal Network Scanning**
```
Attack: Code tries to scan internal network for vulnerable services
Mitigation: Network isolation prevents arbitrary connections
Result: Internal network remains hidden
```

**Threat 4: Credential Theft**
```
Attack: Downloaded code reads environment variables and sends to attacker
Mitigation: Secrets not in sandbox config, network blocked anyway
Result: No credentials accessible or exfiltratable
```

### Domain Pattern Matching

**Wildcard Patterns**:
- `*.example.com` - Matches all subdomains: api.example.com, cdn.example.com
- `example.com` - Exact match only
- `*.*.example.com` - Multi-level wildcards: a.b.example.com

**Port Specifications**:
- `registry.company.com:5000` - Specific port
- `*.company.com:*` - Any port on subdomains
- `localhost:3000` - Local development server

**Protocol Handling**:
- HTTPS preferred and enforced where possible
- HTTP allowed only for localhost and internal domains
- WebSocket connections follow same rules (ws:// → wss://)

### Validation and Testing

**Test Network Policy**:
```bash
# Should succeed (trusted domain)
npm install express

# Should succeed (trusted domain)
git clone https://github.com/user/repo

# Should fail (untrusted domain)
curl https://random-website.com

# Should succeed if allowLocalBinding enabled
npm run dev
```

**Verification Checklist**:
- [ ] Package installations work from trusted registries
- [ ] GitHub operations succeed
- [ ] CDN resources accessible if needed
- [ ] Internal registries accessible (enterprise)
- [ ] Untrusted domains blocked
- [ ] Local development servers work if configured
- [ ] Build commands pass with required env vars
- [ ] No secrets in sandbox configuration

## Input Contract

```yaml
environment_type: enterprise | opensource | local | custom
required_access:
  public_registries: array[string]
  internal_domains: array[string]
  cdn_services: array[string]
needs_proxy: boolean
proxy_config: object (if needs_proxy)
required_env_vars: array[{name, value, is_secret}]
```

## Output Contract

```yaml
network_configuration:
  mode: trusted | none | custom
  trusted_domains: array[string]
  proxy_config: object (if applicable)
  environment_variables: object (non-secrets only)

security_analysis:
  threats_mitigated: array[string]
  access_granted: array[string]
  access_denied: array[string]
  recommendations: array[string]

setup_instructions:
  config_file_location: string
  config_content: json
  validation_commands: array[string]
  documentation_links: array[string]
```

## Integration Points

- **Cascades**: Works with sandbox-configurator for complete security setup
- **Commands**: `/network-security`, `/trusted-domains`
- **Other Skills**: Pairs with sandbox-configurator, security-review

## Usage Examples

**Standard Development Setup**:
```
Configure network security for open-source development with standard npm and GitHub access
```

**Enterprise Internal**:
```
Set up network isolation for enterprise:
- Internal npm registry: npm.company.internal
- Internal docs: docs.company.com
- Corporate proxy: proxy.company.com:8080
- Keep access to public GitHub
```

**Maximum Security**:
```
Configure maximum security with no network access for sensitive project
```

**Add Custom Domain**:
```
Add api.specialservice.com to trusted domains for API integration
```

## Failure Modes & Mitigations

- **Package install fails**: Add registry to trusted domains
- **Git clone fails**: Add git host to trusted domains
- **Build fails with network error**: Check if build accesses CDN, add to whitelist
- **Proxy authentication fails**: Verify proxy credentials or use system auth
- **Environment variable missing**: Document in config, add to .env.local

## Validation Checklist

- [ ] All required registries in trusted domains
- [ ] Internal domains include ports if non-standard
- [ ] Proxy configuration correct (if needed)
- [ ] No secrets in sandbox configuration
- [ ] Required env vars documented
- [ ] Test package installation
- [ ] Test git operations
- [ ] Test build commands
- [ ] Verify untrusted access blocked

## Neural Training Integration

```yaml
training:
  pattern: systems-thinking
  feedback_collection: true
  success_metrics:
    - zero_security_incidents
    - development_velocity_maintained
    - false_positive_rate_low
```

---

**Quick Reference**:
- Config location: `.claude/settings.local.json`
- Default mode: Trusted network access
- Wildcard syntax: `*.domain.com`
- Secrets: NEVER in sandbox config, use .env.local

**Security Principle**: Deny by default, allow explicitly, verify continuously