Claude Code Plugins

Community-maintained marketplace

Feedback

openwebf-security-remote-content

@archview-ai/webf-plugin
0
0

Review security risks and mitigations for remote WebF content (untrusted bundles, URL allowlists, HTTPS, trust boundaries, clickjacking). Use when the user mentions untrusted remote bundles, bundle URL validation/allowlists, or remote updates risk.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name openwebf-security-remote-content
description Review security risks and mitigations for remote WebF content (untrusted bundles, URL allowlists, HTTPS, trust boundaries, clickjacking). Use when the user mentions untrusted remote bundles, bundle URL validation/allowlists, or remote updates risk.
allowed-tools Read, Grep, Glob, mcp__openwebf__docs_search, mcp__openwebf__docs_get_section, mcp__openwebf__docs_related

OpenWebF Security: Remote Content & Trust Boundaries

Instructions

  1. Identify trust boundaries:
    • remote bundle URLs
    • user-generated content
    • bridge/native plugins
  2. Review how URLs are constructed and validated (allowlists, HTTPS, pinning/versioning).
  3. Use MCP docs (“Security”, “Store Guidelines”) as the baseline for recommendations.
  4. Provide remediation steps ordered by severity; do not modify files by default.

If the user is primarily asking about store policy/compliance for remote updates, prefer openwebf-security-store-guidelines.

More: