ReddRadar
Agent skill
openwebf-security-remote-content
Review security risks and mitigations for remote WebF content (untrusted bundles, URL allowlists, HTTPS, trust boundaries, clickjacking). Use when the user mentions untrusted remote bundles, bundle URL validation/allowlists, or remote updates risk.
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/openwebf-security-remote-content
SKILL.md
OpenWebF Security: Remote Content & Trust Boundaries
Instructions
- Identify trust boundaries:
- remote bundle URLs
- user-generated content
- bridge/native plugins
- Review how URLs are constructed and validated (allowlists, HTTPS, pinning/versioning).
- Use MCP docs (“Security”, “Store Guidelines”) as the baseline for recommendations.
- Provide remediation steps ordered by severity; do not modify files by default.
If the user is primarily asking about store policy/compliance for remote updates, prefer openwebf-security-store-guidelines.
More:
- reference.md
- doc-queries.md
- examples.md
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?