woop

LuLu CLI

by Willem Pienaar · GitHub ↗ · v0.2.0 · MIT-0
darwin ⚠ suspicious
256 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install lulu-cli
Description
Manage LuLu macOS firewall rules from the command line. Use when connections are blocked, domains need allowing/blocking, or firewall rules need reviewing. P...
README (SKILL.md)

LuLu Firewall CLI

CLI for managing LuLu macOS firewall rules. LuLu is a free, open-source macOS firewall that blocks unknown outgoing connections.

Requires: macOS 13+, LuLu installed, sudo for write operations.

When to Use This Skill

  • A network request fails and you suspect it's being blocked by the firewall
  • You need to allow a new domain or service through the firewall
  • You want to audit what's currently allowed or blocked
  • You need to clean up stale or unnecessary rules
  • You're setting up a new machine and need to configure firewall rules

How LuLu Works

LuLu runs as a macOS system extension. When configured in passive mode with new connections defaulting to block, any unrecognized outbound connection is silently blocked and logged as a passive rule.

  • Rules live in /Library/Objective-See/LuLu/rules.plist (NSKeyedArchiver binary format, owned by root)
  • The CLI reads/writes this file directly using the same serialization format as LuLu
  • The system extension only reads rules at startup, so reload (kill + auto-restart) is needed after changes
  • New blocks from passive mode appear immediately in recent without needing a reload

Core Workflow

Most usage follows this pattern:

  1. Diagnose -- check what's being blocked
  2. Fix -- add allow rules for legitimate domains
  3. Apply -- reload the extension

# 1. Check recent blocks
lulu-cli recent 10

# 2. Allow the blocked domain
sudo lulu-cli add --key '*' --path '*' --action allow --addr api.example.com --port 443

# 3. Apply
sudo lulu-cli reload

Commands

list [filter]

List all firewall rules. Optionally filter by keyword (matches key or binary path).

lulu-cli list              # all rules
lulu-cli list curl         # rules for curl
lulu-cli list node         # rules for node
lulu-cli list '*'          # global/wildcard rules only

No sudo required.

recent [N]

Show the N most recent block rules, sorted by creation date (newest first). Default: 20.

lulu-cli recent            # last 20 blocks
lulu-cli recent 5          # last 5 blocks

No sudo required. This is the first command to run when diagnosing connection failures.

add

Add a new firewall rule. Requires sudo.

Flags:

  • --key KEY -- signing identity (e.g. com.apple.curl) or * for global
  • --path PATH -- binary path or * for global
  • --action allow|block -- rule action
  • --addr ADDR -- domain, IP, or regex pattern (default: *)
  • --port PORT -- port number or * for any (default: *)
  • --regex -- treat --addr as a regex pattern

# Allow a domain globally (all apps)
sudo lulu-cli add --key '*' --path '*' --action allow --addr example.com --port 443

# Allow a domain and all subdomains (regex)
sudo lulu-cli add --key '*' --path '*' --action allow \
  --addr '^(.+\.)?example\.com$' --port '*' --regex

# Allow for a specific app only
sudo lulu-cli add --key "/usr/bin/curl" --path /usr/bin/curl \
  --action allow --addr example.com --port 443

# Block a domain
sudo lulu-cli add --key '*' --path '*' --action block --addr malicious.com --port '*'
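
Before passing a pattern to add --regex, it is worth checking what it actually matches. The following is an added example, not part of lulu-cli: the function names are hypothetical, the hostnames are constructed, and it assumes the pattern is applied to the bare hostname and that grep -E agrees with LuLu's matcher for these constructs.

```sh
#!/bin/sh
# Added example (not part of lulu-cli): vet an allow regex before using it.
# Assumption: grep -E stands in for LuLu's matcher; hosts are bare hostnames.

# Return 0 if HOST matches PATTERN.
host_matches() {   # usage: host_matches PATTERN HOST
  printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Accept a pattern only if it is anchored, matches every wanted host and
# matches none of the lookalike hosts. The anchor test is a coarse check.
vet_allow_regex() {   # usage: vet_allow_regex PATTERN "WANT..." "DENY..."
  pattern=$1
  case $pattern in
    '^'*'$') ;;
    *) echo "rejected (unanchored): $pattern"; return 1 ;;
  esac
  for h in $2; do
    if ! host_matches "$pattern" "$h"; then
      echo "rejected (misses $h): $pattern"; return 1
    fi
  done
  for h in $3; do
    if host_matches "$pattern" "$h"; then
      echo "rejected (also matches $h): $pattern"; return 1
    fi
  done
  echo "ok: $pattern"
}

# The pattern from the example above passes; constructed lookalikes do not match.
vet_allow_regex '^(.+\.)?example\.com$' \
  "example.com api.example.com" \
  "example.com.evil.test notexample.com"
```

An unanchored example\.com would also match example.com.evil.test, and leaving the dots unescaped lets notexample.com through, which is why the pattern above carries both the anchors and the escapes.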

delete

Delete rule(s) by key. Requires sudo.

Flags:

  • --key KEY -- required
  • --uuid UUID -- specific rule UUID. If omitted, deletes ALL rules for the key.

# Delete a specific rule by UUID
sudo lulu-cli delete --key "com.apple.curl" --uuid "A1B2C3D4-..."

# Delete ALL rules for a key
sudo lulu-cli delete --key "com.apple.curl"

delete-match

Delete rules matching specific criteria. Requires sudo.

Flags:

  • --key KEY -- required
  • --action allow|block -- optional filter
  • --addr ADDR -- optional filter
  • --port PORT -- optional filter

# Delete all block rules on port 53 for curl
sudo lulu-cli delete-match --key "com.apple.curl" --action block --port 53

enable / disable

Toggle a rule's enabled state. Requires sudo.

Flags:

  • --key KEY -- required
  • --uuid UUID -- required

sudo lulu-cli enable --key '*' --uuid A1B2C3D4-...
sudo lulu-cli disable --key '*' --uuid A1B2C3D4-...

reload

Restart the LuLu system extension to apply rule changes. Requires sudo.

sudo lulu-cli reload

Kills the extension process. macOS auto-restarts registered system extensions within ~8 seconds. There is a brief gap in filtering during the restart.

Always run reload after add, delete, enable, or disable.

help

Show usage information.

lulu-cli help

Key Concepts

  • key: Signing identity (e.g. com.apple.curl) or binary path for unsigned apps. Use * for global rules that apply to all apps.
  • action: allow or block
  • addr: Domain name, IP address, regex pattern, or * (any)
  • port: Port number or * (any)
  • type: default (system), apple, user (manually created), passive (auto-created from blocked connections)
  • Global rules: key=* and path=* apply to all applications

Rule Policy: Allow-All vs Domain Allowlist

Not all processes should get unrestricted internet access. When using LuLu as a security boundary for AI agents:

Allow-all (addr=* port=*) -- Only for processes the agent cannot invoke:

  • Apple system daemons (apsd, mDNSResponder, trustd, ocspd, etc.)
  • User-only apps (Raycast, Zed, LuLu, Bitwarden CLI)
  • Network infrastructure (Tailscale, ssh)

Domain allowlist only -- Any process an agent could use to reach the internet:

  • node (Claude Code, OpenClaw runtime)
  • python / uv (agent scripts)
  • curl (command-line HTTP)
  • git / gh (could push to arbitrary remotes)
  • Browser helpers (agent browser automation)

When in doubt, leave a process restricted to the domain allowlist. It's easy to add an allow-all later; harder to notice data leaking through an over-permissive rule.
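
The policy above can be checked mechanically. The following is an added example, not part of lulu-cli: it audits a constructed, pipe-separated rule list (key|path|action|addr|port, which is not the output format of lulu-cli list) and flags wildcard-address allow rules that are global or belong to a process on the domain-allowlist-only list. The function names and sample rules are hypothetical.

```sh
#!/bin/sh
# Added example (not part of lulu-cli): audit rules against the policy above.
# Input is a CONSTRUCTED pipe-separated form: key|path|action|addr|port.
# It is not the output format of `lulu-cli list`.

sample_rules() {   # constructed sample data
  cat <<'EOF'
com.apple.apsd|/usr/libexec/apsd|allow|*|*
com.apple.curl|/usr/bin/curl|allow|*|*
com.apple.curl|/usr/bin/curl|allow|api.example.com|443
/opt/homebrew/bin/node|/opt/homebrew/bin/node|allow|*|443
/usr/bin/git|/usr/bin/git|block|*|*
*|*|allow|example.com|443
*|*|allow|*|*
EOF
}

# Print every allow rule with addr=* that an agent could use:
#   GLOBAL-ALLOW-ALL  key=* and path=* (applies to every process)
#   AGENT-REACHABLE   binary is on the domain-allowlist-only list
# A wildcard address on a single port (e.g. 443) is still flagged, because
# "domain allowlist only" means the destination must be named.
audit_rules() {
  awk -F'|' '
    BEGIN {
      # Names from the policy list; python3 is an added assumption.
      n = split("node python python3 uv curl git gh", names, " ")
      for (i = 1; i <= n; i++) restricted[names[i]] = 1
    }
    $3 != "allow" || $4 != "*" { next }
    {
      m = split($2, parts, "/"); base = parts[m]
      if ($1 == "*" && $2 == "*")  print "GLOBAL-ALLOW-ALL\t" $0
      else if (base in restricted) print "AGENT-REACHABLE\t" $0
    }'
}

sample_rules | audit_rules
```

On the constructed sample this reports the allow-all curl rule, the any-address node rule on port 443, and the global allow-all rule, and leaves the apsd rule alone.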

Troubleshooting

If a connection is failing:

  1. Run lulu-cli recent to see if it was blocked
  2. If yes, add an allow rule for the domain + port (usually 443 for HTTPS)
  3. Run sudo lulu-cli reload to apply
  4. Retry the connection

If the domain doesn't appear in recent, the problem is not the firewall.

Usage Guidance
This skill appears to be what it claims: a command-line interface for LuLu that will need sudo to change firewall rules. Before installing, verify the Homebrew tap/formula (woop/tap) source to ensure authenticity. When using the CLI: inspect rules with list/recent before making changes, avoid creating global allow rules (addr='*' port='*') unless absolutely necessary, back up /Library/Objective-See/LuLu/rules.plist before writes, and be mindful that reload temporarily gaps filtering. Also be cautious about allowing any automated agent to run privileged sudo operations—require explicit user consent for write actions.
Capability Analysis
Type: OpenClaw Skill
Name: lulu-cli
Version: 0.2.0

The skill provides an AI agent with high-privilege access to modify macOS firewall rules via sudo, including the ability to add, delete, and toggle rules for any application. It includes a 'reload' command that kills the LuLu system extension, which the documentation notes creates an 8-second gap in network filtering. While the skill's instructions in SKILL.md include security advice for managing agent network access, the combination of sudo-level system modification and the requirement for a third-party binary from an unverified Homebrew tap (woop/tap/lulu-cli) constitutes a high-risk capability that could be exploited to facilitate data exfiltration or bypass security boundaries.
Capability Assessment
Purpose & Capability
Requested binaries (lulu-cli) and the brew install (woop/tap/lulu-cli) directly match the stated purpose of managing LuLu firewall rules. No unrelated credentials, paths, or tools are requested.
Instruction Scope
SKILL.md instructs the agent to read and write the LuLu rules file (/Library/Objective-See/LuLu/rules.plist) and to run reload (kill + auto-restart) — this is expected for a firewall management tool. Note: write actions require sudo and can create broad global allow rules (addr='*', port='*'), which are powerful and could weaken the security boundary if misused.
Install Mechanism
Install uses a Homebrew formula (woop/tap/lulu-cli). Homebrew installs are a normal mechanism, but the tap is a third‑party tap (woop/tap) rather than an official core formula — you may want to verify the tap/formula source before installing.
Credentials
The skill declares no environment variables, secrets, or unrelated config paths. The lack of extra credentials is proportionate to its stated function.
Persistence & Privilege
always:false and no skill-level persistence is requested. The only privilege of note is that write operations require sudo (expected for modifying a root-owned rules file). Autonomous invocation is allowed by default but not elevated by the skill itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install lulu-cli
  3. After installation, invoke the skill by name or use /lulu-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
Remove sudoers documentation to address security flagging
v0.1.0
Initial release
Metadata
Slug lulu-cli
Version 0.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is LuLu CLI?

Manage LuLu macOS firewall rules from the command line. Use when connections are blocked, domains need allowing/blocking, or firewall rules need reviewing. P... It is an AI Agent Skill for Claude Code / OpenClaw, with 256 downloads so far.

How do I install LuLu CLI?

Run "/install lulu-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is LuLu CLI free?

Yes, LuLu CLI is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does LuLu CLI support?

LuLu CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin).

Who created LuLu CLI?

It is built and maintained by Willem Pienaar (@woop); the current version is v0.2.0.
