home / skills / openclaw / skills / little-snitch

little-snitch skill

safe

This skill helps you control Little Snitch firewall on macOS via CLI, view logs, manage profiles and rule groups, and troubleshoot network activity.

npx playbooks add skill openclaw/skills --skill little-snitch

Review the files below or copy the command above to add this skill to your agents.

Files (2)

SKILL.md

2.8 KB

---
name: little-snitch
description: Control Little Snitch firewall on macOS. View logs, manage profiles and rule groups, monitor network traffic. Use when the user wants to check firewall activity, enable/disable profiles or blocklists, or troubleshoot network connections.
---

# Little Snitch CLI

Control Little Snitch network monitor/firewall on macOS.

## Setup

Enable CLI access in **Little Snitch → Preferences → Security → Allow access via Terminal**

Once enabled, the `littlesnitch` command is available in Terminal.

⚠️ **Security Warning:** The littlesnitch command is very powerful and can potentially be misused by malware. When access is enabled, you must take precautions that untrusted processes cannot gain root privileges.

Reference: https://help.obdev.at/littlesnitch5/adv-commandline

## Commands

| Command | Root? | Description |
|---------|-------|-------------|
| `--version` | No | Show version |
| `restrictions` | No | Show license status |
| `log` | No | Read log messages |
| `profile` | Yes | Activate/deactivate profiles |
| `rulegroup` | Yes | Enable/disable rule groups & blocklists |
| `log-traffic` | Yes | Print traffic log data |
| `list-preferences` | Yes | List all preferences |
| `read-preference` | Yes | Read a preference value |
| `write-preference` | Yes | Write a preference value |
| `export-model` | Yes | Export data model (backup) |
| `restore-model` | Yes | Restore from backup |
| `capture-traffic` | Yes | Capture process traffic |

## Examples

### View Recent Logs (no root)
```bash
littlesnitch log --last 10m --json
```

### Stream Live Logs (no root)
```bash
littlesnitch log --stream
```

### Check License Status (no root)
```bash
littlesnitch restrictions
```

### Activate Profile (requires root)
```bash
sudo littlesnitch profile --activate "Silent Mode"
```

### Deactivate All Profiles (requires root)
```bash
sudo littlesnitch profile --deactivate-all
```

### Enable/Disable Rule Group (requires root)
```bash
sudo littlesnitch rulegroup --enable "My Rules"
sudo littlesnitch rulegroup --disable "Blocklist"
```

### View Traffic History (requires root)
```bash
sudo littlesnitch log-traffic --begin-date "2026-01-25 00:00:00"
```

### Stream Live Traffic (requires root)
```bash
sudo littlesnitch log-traffic --stream
```

### Backup Configuration (requires root)
```bash
sudo littlesnitch export-model > backup.json
```

## Log Options

| Option | Description |
|--------|-------------|
| `--last <time>[m\|h\|d]` | Show entries from last N minutes/hours/days |
| `--stream` | Live stream messages |
| `--json` | Output as JSON |
| `--predicate <string>` | Filter with predicate |

## Notes

- macOS only
- Many commands require `sudo` (root access)
- Profiles: predefined rule sets (e.g., "Silent Mode", "Alert Mode")
- Rule groups: custom rule collections and blocklists

Overview

This skill controls Little Snitch firewall on macOS to inspect logs, manage profiles, and manipulate rule groups and blocklists. It exposes the littlesnitch CLI capabilities so you can view recent or live logs, check license status, enable/disable profiles and rule groups, and export or restore the firewall model. Use it when you need precise, scriptable control over Little Snitch from Terminal.

How this skill works

The skill invokes the littlesnitch command-line tool available after enabling Terminal access in Little Snitch preferences. It can read and stream logs, print traffic data, toggle profiles and rule groups, and export/restore the configuration. Many operations require elevated privileges (sudo) because they change system-level firewall state or access traffic history.

When to use it

Audit recent or live firewall events to troubleshoot unexpected connections
Switch profiles quickly (e.g., Silent Mode vs Alert Mode) for different network behavior
Enable or disable specific rule groups or blocklists for testing
Export a full configuration for backup before major changes
Capture or stream traffic for incident analysis or development debugging

Best practices

Enable CLI access in Little Snitch preferences and restrict Terminal/root access to trusted users
Run read-only commands (log, restrictions) without sudo; use sudo only when needed
Export model backups before bulk changes and store them securely off-machine
Use JSON output and predicates for scripted filtering and automated audits
Limit live traffic capture duration and sanitize exports to avoid leaking sensitive data

Example use cases

View the last 10 minutes of events as JSON: littlesnitch log --last 10m --json
Stream live firewall events during an app test: littlesnitch log --stream
Activate a prepared profile as root for quiet operation: sudo littlesnitch profile --activate "Silent Mode"
Enable or disable a blocklist while troubleshooting: sudo littlesnitch rulegroup --disable "Blocklist"
Backup current configuration to a file before rolling out changes: sudo littlesnitch export-model > backup.json

FAQ

Do I always need sudo to use this skill?

No. Viewing logs and checking license status work without sudo. Commands that change profiles, rule groups, capture traffic, or export/restore the model typically require sudo.

How do I enable CLI access for Terminal?

Open Little Snitch → Preferences → Security and enable Allow access via Terminal. Only enable this for trusted environments because it grants powerful CLI control.