Why Use This This skill provides specialized capabilities for aiskillstore's codebase.
Use Cases Developing new features in the aiskillstore repository Refactoring existing code to follow aiskillstore standards Understanding and working with aiskillstore's codebase structure
Install Guide 2 steps 1 2 Install inside Ananke
Click Install Skill, paste the link below, then press Install.
https://github.com/aiskillstore/marketplace/tree/main/skills/dnyoussef/when-setting-network-security-use-network-security-setup Skill Snapshot Auto scan of skill assets. Informational only.
Valid SKILL.md Checks against SKILL.md specification
Updated At Jan 19, 2026, 04:39 AM
SKILL.md 245 Lines
Total Files 1
Total Size 0 B
License NOASSERTION
---
name: when-setting-network-security-use-network-security-setup
description: Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
---
# Network Security Setup SOP
```yaml
metadata:
skill_name: when-setting-network-security-use-network-security-setup
version: 1.0.0
category: specialized-tools
difficulty: intermediate
estimated_duration: 25-45 minutes
trigger_patterns:
- "network security"
- "configure network isolation"
- "trusted domains"
- "firewall rules"
- "network access control"
dependencies:
- Claude Code sandbox
- Network configuration access
agents:
- security-manager
- cicd-engineer
success_criteria:
- Trusted domains configured
- Access policies implemented
- Environment variables set
- Network tests passing
- Documentation complete
```
## Overview
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
## Agent Responsibilities
### security-manager
- Design network security architecture
- Define trusted domains and policies
- Validate security configurations
- Create security documentation
### cicd-engineer
- Implement network configurations
- Deploy firewall rules
- Setup environment variables
- Create monitoring tools
## Phase 1: Audit Network Requirements
Identify required network access, external dependencies, and security constraints.
```bash
mkdir -p network-security/{policies,config,tests,docs}
# Document network requirements
cat > network-security/docs/NETWORK-REQUIREMENTS.md << 'EOF'
# Network Access Requirements
## External Dependencies
- Anthropic API (api.anthropic.com)
- GitHub (github.com, *.github.com)
- NPM Registry (npmjs.org)
- PyPI (pypi.org)
- Docker Hub (docker.io)
## Required Ports
- Outbound: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- Inbound: 3000, 5000, 8000, 8080 (Application)
## Protocols
- Allowed: HTTP/HTTPS, SSH, Git
- Blocked: FTP, Telnet, SMTP
## Rate Limits
- 100 requests/minute
- Burst: 150 requests
EOF
```
## Phase 2: Design Security Policies
Create comprehensive network security policies with allow/deny rules.
```bash
cat > network-security/policies/network-policy.json << 'EOF'
{
"network_security": {
"mode": "whitelist",
"trusted_domains": [
"*.anthropic.com",
"api.openai.com",
"github.com",
"*.github.com",
"raw.githubusercontent.com",
"npmjs.org",
"registry.npmjs.org",
"pypi.org",
"files.pythonhosted.org",
"docker.io",
"registry-1.docker.io"
],
"blocked_domains": [
"*.malicious.com",
"suspicious.net"
],
"allowed_ports": {
"outbound": [80, 443, 22],
"inbound": [3000, 5000, 8000, 8080]
},
"rate_limiting": {
"enabled": true,
"requests_per_minute": 100,
"burst": 150
},
"dns_filtering": {
"enabled": true,
"block_private_ips": true,
"block_localhost_bypass": true
}
}
}
EOF
```
## Phase 3: Implement Network Isolation
Deploy firewall rules, DNS filtering, and access controls.
```bash
cat > network-security/config/configure-network.sh << 'EOF'
#!/bin/bash
set -e
echo "Configuring network security..."
# Configure firewall (iptables)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
# DNS filtering
cat >> /etc/hosts << 'HOSTS'
127.0.0.1 malicious.com
127.0.0.1 suspicious.net
HOSTS
# Environment variables
cat > /etc/environment.d/network-security.conf << 'ENV'
HTTPS_PROXY=""
NO_PROXY="localhost,127.0.0.1"
TRUSTED_DOMAINS="anthropic.com,github.com,npmjs.org,pypi.org,docker.io"
ENV
echo "Network security configured"
EOF
chmod +x network-security/config/configure-network.sh
```
## Phase 4: Test Access Controls
Validate network policies through comprehensive testing.
```bash
cat > network-security/tests/network-tests.sh << 'EOF'
#!/bin/bash
echo "Testing Network Security..."
# Test trusted domain access
curl -s --max-time 5 https://api.anthropic.com && echo "✓ Trusted domain accessible"
# Test blocked domain
! curl -s --max-time 5 https://malicious.com && echo "✓ Blocked domain inaccessible"
# Test allowed ports
nc -zv localhost 3000 && echo "✓ Port 3000 accessible"
echo "Network tests complete"
EOF
chmod +x network-security/tests/network-tests.sh
```
## Phase 5: Document Configuration
Create comprehensive documentation for network security setup.
```bash
cat > network-security/docs/DEPLOYMENT.md << 'EOF'
# Network Security Deployment
## Quick Start
1. Review requirements
2. Deploy configuration: `./network-security/config/configure-network.sh`
3. Test policies: `./network-security/tests/network-tests.sh`
4. Monitor: Check logs for violations
## Trusted Domains
- Anthropic API
- GitHub
- NPM/PyPI
- Docker Hub
## Monitoring
- Connection logs: `/var/log/connections.log`
- Firewall logs: `/var/log/firewall.log`
- DNS queries: `/var/log/dns.log`
## Maintenance
- Review monthly
- Update trusted domains as needed
- Audit logs weekly
EOF
```
## Workflow Summary
**Duration:** 25-45 minutes
**Deliverables:**
- Network security policies
- Firewall configuration
- DNS filtering
- Test suite
- Documentation
## Best Practices
1. **Whitelist Approach**: Deny by default
2. **Least Privilege**: Minimal access
3. **Regular Testing**: Weekly validation
4. **Continuous Monitoring**: Real-time logs
5. **Documentation**: Keep updated
