openwebf-security-remote-content

star 0

Review security risks and mitigations for remote WebF content (untrusted bundles, URL allowlists, HTTPS, trust boundaries, clickjacking). Use when the user mentions untrusted remote bundles, bundle URL validation/allowlists, or remote updates risk.

archview-ai By archview-ai schedule Updated 12/19/2025
play_arrow Run Skill in Manus View GitHub

name: openwebf-security-remote-content description: Review security risks and mitigations for remote WebF content (untrusted bundles, URL allowlists, HTTPS, trust boundaries, clickjacking). Use when the user mentions untrusted remote bundles, bundle URL validation/allowlists, or remote updates risk. allowed-tools: Read, Grep, Glob, mcp__openwebf__docs_search, mcp__openwebf__docs_get_section, mcp__openwebf__docs_related

OpenWebF Security: Remote Content & Trust Boundaries

Instructions

  1. Identify trust boundaries:
    • remote bundle URLs
    • user-generated content
    • bridge/native plugins
  2. Review how URLs are constructed and validated (allowlists, HTTPS, pinning/versioning).
  3. Use MCP docs (“Security”, “Store Guidelines”) as the baseline for recommendations.
  4. Provide remediation steps ordered by severity; do not modify files by default.

If the user is primarily asking about store policy/compliance for remote updates, prefer openwebf-security-store-guidelines.

More:

Install via CLI
npx skills add https://github.com/archview-ai/webf-plugin --skill openwebf-security-remote-content
Repository Details
star Stars 0
call_split Forks 0
navigation Branch main
article Path SKILL.md
More from Creator
archview-ai
archview-ai Explore all skills →