Skip to content
ImAiFox
Skill

awf-skill

by github

AI Summary

Use this skill when you need to run commands with network isolation, restrict network access to approved domains, or execute AI agents in a sandboxed environment with controlled network access. AWF is a network firewall for agentic workflows that provides: The separator divides firewall options fro

Install

Copy this and paste it into Claude Code, Cursor, or any AI assistant:

I want to install the "awf-skill" skill in my project.

Please run this command in my terminal:
# Install skill into your project
mkdir -p .claude/skills/gh-aw-firewall && curl --retry 3 --retry-delay 2 --retry-all-errors -o .claude/skills/gh-aw-firewall/SKILL.md "https://raw.githubusercontent.com/github/gh-aw-firewall/main/skill.md"

Then restart Claude Code (or reload the window in Cursor) so the skill is picked up.

Description

Use the AWF (Agentic Workflow Firewall) to run commands with network isolation and domain whitelisting. Provides L7 HTTP/HTTPS egress control for AI agents.

AWF (Agentic Workflow Firewall) Usage Skill

Use this skill when you need to run commands with network isolation, restrict network access to approved domains, or execute AI agents in a sandboxed environment with controlled network access.

What is AWF?

AWF is a network firewall for agentic workflows that provides: • L7 Domain Whitelisting: Control HTTP/HTTPS traffic at the application layer • Host-Level Enforcement: Uses iptables DOCKER-USER chain to enforce firewall on ALL containers • Chroot Mode: Optional transparent access to host binaries (Python, Node.js, Go) while maintaining network isolation

When to Use AWF

Use AWF when: • Running AI agents (Copilot CLI, Claude, etc.) that need network access but should be restricted • Testing code that makes network requests in a controlled environment • Enforcing network security policies for automated workflows • Running untrusted commands with limited network access • Testing Playwright or other tools against localhost services

Run a command with only github.com allowed

sudo awf --allow-domains github.com -- curl https://api.github.com ` The -- separator divides firewall options from the command to run.

Discussion

0/2000
Loading comments...

Health Signals

MaintenanceCommitted Today
Active
AdoptionUnder 100 stars
99 ★ · Niche
DocsREADME + description
Well-documented

GitHub Signals

Stars99
Forks28
Issues72
UpdatedToday
View on GitHub
MIT License

My Fox Den

Community Rating

Sign in to rate this booster

Works With

Claude Code
Copilot

Related Skills

Openclaw MCP Server

MCP Server

using-superpowers

Skill

finishing-a-development-branch

Skill

test-driven-development

Skill

View all Skills →