LuLu CLI
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent LuLu firewall-management skill, but it deserves review because it lets the agent run sudo-level commands that can change persistent macOS firewall rules.
Review this skill before installing. It appears purpose-aligned for managing LuLu, but only use it if you trust the external lulu-cli package and want an agent to have sudo-capable firewall administration. Ask the agent to show current rules first, confirm every write operation, and avoid global wildcard allow rules unless you intentionally want them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly or too broadly, the agent could weaken your firewall, allow unwanted outbound traffic, delete protections, or briefly interrupt filtering during reload.
The skill grants the agent access to both normal and sudo lulu-cli commands. The documented workflows include adding, deleting, enabling, disabling, and reloading firewall rules, so this is high-impact local system mutation rather than read-only diagnostics.
allowed-tools: Bash(lulu-cli:*), Bash(sudo lulu-cli:*)
Require explicit user approval before any sudo lulu-cli command, prefer specific app/domain/port rules over global wildcards, and review the current rules before making changes.
The skill can make system-wide security changes, not just changes inside the agent or a project folder.
The skill directly manages a root-owned firewall configuration file and states that sudo is required for write operations. This privilege is expected for firewall management, but users should understand the system-level authority involved.
Rules live in `/Library/Objective-See/LuLu/rules.plist` ... owned by root
Install and use only if you trust the lulu-cli binary and are comfortable granting sudo-level firewall administration.
Your trust decision depends on the external lulu-cli package and its Homebrew tap, not just this instruction file.
The skill depends on an external Homebrew tap for the actual executable, while the supplied artifacts contain no code files for static review. This is disclosed and normal for a CLI wrapper, but provenance matters because the binary is used with sudo.
brew | formula: woop/tap/lulu-cli | creates binaries: lulu-cli
Verify the Homebrew formula, repository, maintainer, and release integrity before installing, especially because the tool modifies firewall rules with elevated privileges.
A mistaken rule or reload can affect the whole machine’s outbound network filtering, not just one blocked connection.
The reload operation is disclosed, but restarting the firewall extension creates a temporary filtering gap, and global rules can affect all applications.
Kills the extension process... There is a brief gap in filtering during the restart.
Apply changes in small steps, avoid unnecessary reloads, and confirm that each rule is scoped as narrowly as possible.
