← Back to Skills Marketplace
gumadeiras

little-snitch

by Gustavo Madeira Santana · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
2069
Downloads
2
Stars
3
Active Installs
2
Versions
Install in OpenClaw
/install little-snitch
Description
Control Little Snitch firewall on macOS. View logs, manage profiles and rule groups, monitor network traffic. Use when the user wants to check firewall activity, enable/disable profiles or blocklists, or troubleshoot network connections.
README (SKILL.md)

Little Snitch CLI

Control Little Snitch network monitor/firewall on macOS.

Setup

Enable CLI access in Little Snitch → Preferences → Security → Allow access via Terminal

Once enabled, the littlesnitch command is available in Terminal.

⚠️ Security Warning: The littlesnitch command is very powerful and can potentially be misused by malware. When access is enabled, you must take precautions that untrusted processes cannot gain root privileges.

Reference: https://help.obdev.at/littlesnitch5/adv-commandline

Commands

Command Root? Description
--version No Show version
restrictions No Show license status
log No Read log messages
profile Yes Activate/deactivate profiles
rulegroup Yes Enable/disable rule groups & blocklists
log-traffic Yes Print traffic log data
list-preferences Yes List all preferences
read-preference Yes Read a preference value
write-preference Yes Write a preference value
export-model Yes Export data model (backup)
restore-model Yes Restore from backup
capture-traffic Yes Capture process traffic

Examples

View Recent Logs (no root)

littlesnitch log --last 10m --json

Stream Live Logs (no root)

littlesnitch log --stream

Check License Status (no root)

littlesnitch restrictions

Activate Profile (requires root)

sudo littlesnitch profile --activate "Silent Mode"

Deactivate All Profiles (requires root)

sudo littlesnitch profile --deactivate-all

Enable/Disable Rule Group (requires root)

sudo littlesnitch rulegroup --enable "My Rules"
sudo littlesnitch rulegroup --disable "Blocklist"

View Traffic History (requires root)

sudo littlesnitch log-traffic --begin-date "2026-01-25 00:00:00"

Stream Live Traffic (requires root)

sudo littlesnitch log-traffic --stream

Backup Configuration (requires root)

sudo littlesnitch export-model > backup.json

Log Options

Option Description
--last \x3Ctime>[m|h|d] Show entries from last N minutes/hours/days
--stream Live stream messages
--json Output as JSON
--predicate \x3Cstring> Filter with predicate

Notes

  • macOS only
  • Many commands require sudo (root access)
  • Profiles: predefined rule sets (e.g., "Silent Mode", "Alert Mode")
  • Rule groups: custom rule collections and blocklists
Usage Guidance
This skill appears to be a legitimate Little Snitch CLI helper, but there are a few things to consider before installing: - The SKILL.md expects the 'littlesnitch' CLI and macOS, but the skill metadata doesn't declare that binary or an OS restriction — verify the environment will actually have Little Snitch installed before relying on this skill. - Many useful commands require sudo/root (exporting/restoring config, capturing traffic, enabling/disabling rule groups). Only use the skill when you trust both the skill and the agent's ability to run commands on your machine. Be cautious enabling Terminal access in Little Snitch; follow the product's guidance to avoid giving untrusted processes root access. - The skill source/homepage is unknown. If you need to run powerful operations (backups, restores, traffic capture), prefer skills with a known, trusted source or inspect the exact commands the agent will run each time. - Because this is instruction-only, there's no install risk from downloaded code, but the agent still could execute high-impact local commands. Require explicit user confirmation for any sudo-level actions and avoid allowing automatic, unattended execution of this skill on sensitive systems. If you want stronger assurance, ask the skill author for a homepage or source repository, or request that the registry metadata be corrected to list the 'littlesnitch' binary and macOS restriction.
Capability Analysis
Type: OpenClaw Skill Name: little-snitch Version: 1.0.1 This skill is classified as suspicious due to its provision of extensive root-level access to the powerful `littlesnitch` firewall utility on macOS. While the `SKILL.md` documentation itself does not contain explicit malicious instructions or prompt injection, it exposes commands like `sudo littlesnitch profile`, `sudo littlesnitch rulegroup`, `sudo littlesnitch write-preference`, and `sudo littlesnitch export-model`. These commands, especially with root privileges, allow the AI agent to disable firewall rules, modify system network preferences, and export sensitive firewall configurations, which could be misused for persistence, data exfiltration, or disabling security. The `SKILL.md` even includes a 'Security Warning' from the original documentation, highlighting the potential for misuse by malware.
Capability Assessment
Purpose & Capability
The SKILL.md is clearly scoped to controlling the Little Snitch CLI (commands, examples, and many root-required operations). However, the skill metadata does not declare the required 'littlesnitch' binary or an OS restriction (SKILL.md states macOS-only). That mismatch between declared requirements and the actual instructions is an incoherence a user should notice.
Instruction Scope
Instructions stay within the stated purpose: they show how to run littlesnitch commands, read logs, activate profiles, export/restore configuration, and capture/stream traffic. The skill does not instruct reading unrelated files or exfiltrating data to external endpoints. Many examples explicitly require sudo/root, which is expected for a firewall tool but increases potential impact if misused.
Install Mechanism
This is an instruction-only skill with no install spec or downloadable code, which reduces supply-chain risk. It does, however, implicitly require the littlesnitch CLI to already be present on the system — the metadata should have listed that binary dependency but did not.
Credentials
No environment variables, credentials, or config paths are requested. That's appropriate for a local CLI helper. The only elevated privilege implied is use of sudo/root for certain commands, which matches the tool's functionality but is high-impact.
Persistence & Privilege
always:false (not force-included) and no requested persistent credentials. However, the skill's capability to run commands that require root (export/restore model, capture traffic, enable/disable rules) means that if an agent were allowed to execute shell commands autonomously on a macOS machine, the blast radius is significant. Autonomous invocation alone is not flagged, but combined with root-level operations it elevates the risk and requires careful operational controls.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install little-snitch
  3. After installation, invoke the skill by name or use /little-snitch
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix setup instructions, add security warning
v1.0.0
Initial release - Little Snitch CLI for macOS
Metadata
Slug little-snitch
Version 1.0.1
License
All-time Installs 3
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is little-snitch?

Control Little Snitch firewall on macOS. View logs, manage profiles and rule groups, monitor network traffic. Use when the user wants to check firewall activity, enable/disable profiles or blocklists, or troubleshoot network connections. It is an AI Agent Skill for Claude Code / OpenClaw, with 2069 downloads so far.

How do I install little-snitch?

Run "/install little-snitch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is little-snitch free?

Yes, little-snitch is completely free (open-source). You can download, install and use it at no cost.

Which platforms does little-snitch support?

little-snitch is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created little-snitch?

It is built and maintained by Gustavo Madeira Santana (@gumadeiras); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments