Validate router and switch configs before deployment to catch security and network risks.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "network-config-validation" skill from askskill: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/network-config-validation/SKILL.md 2. Save it as ~/.claude/skills/network-config-validation/SKILL.md 3. Reload skills and tell me it's ready
Please review the following router and switch configurations. Identify dangerous commands, duplicate IPs, subnet overlaps, stale references, management-plane exposure risks, and deviations from IOS security best practices. Rank findings by severity and provide remediation steps: [paste configuration text]
A severity-ranked configuration review report with issue locations, risk explanations, and remediation guidance.
I have configurations from multiple network devices. Cross-check interface addresses, VLAN subnets, and static routes to find duplicate addresses, subnet overlaps, and conflicts that could cause routing issues. List the affected devices: [paste multiple configs]
A cross-device conflict list showing conflict types, affected devices, and recommended fixes.
Please focus on management-plane security in this network configuration, including Telnet/SSH, SNMP, ACLs, management VLANs, weak credential risks, unrestricted source access, and logging/audit settings. Provide hardening recommendations: [paste configuration text]
A management-plane security assessment highlighting weaknesses and actionable hardening steps.
Use this skill to review network configuration before a change window or before an automation run touches production devices.
Treat config validation as layered evidence, not as a complete parser. Regex checks are useful for pre-flight warnings, but final approval still needs a network engineer to review intent, platform syntax, and rollback steps.
Validate in this order:
import re
DANGEROUS_PATTERNS: list[tuple[re.Pattern[str], str]] = [
(re.compile(r"\breload\b", re.I), "reload causes downtime"),
(re.compile(r"\berase\s+(startup|nvram|flash)", re.I), "erases persistent storage"),
(re.compile(r"\bformat\b", re.I), "formats a device filesystem"),
(re.compile(r"\bno\s+router\s+(bgp|ospf|eigrp)\b", re.I), "removes a routing process"),
(re.compile(r"\bno\s+interface\s+\S+", re.I), "removes interface configuration"),
(re.compile(r"\baaa\s+new-model\b", re.I), "changes authentication behavior"),
(re.compile(r"\bcrypto\s+key\s+(zeroize|generate)\b", re.I), "changes device SSH keys"),
]
def find_dangerous_commands(lines: list[str]) -> list[dict[str, str | int]]:
findings = []
for line_number, line in enumerate(lines, start=1):
stripped = line.strip()
for pattern, reason in DANGEROUS_PATTERNS:
if pattern.search(stripped):
findings.append({
"line": line_number,
"command": stripped,
"reason": reason,
})
return findings
import ipaddress
import re
from collections import Counter
IP_ADDRESS_RE = re.compile(
r"^\s*ip address\s+"
r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
r"(?P<mask>\d{1,3}(?:\.\d{1,3}){3})\b",
re.I | re.M,
)
def extract_interfaces(config: str) -> list[dict[str, str]]:
results = []
current = None
for line in config.splitlines():
if line.startswith("interface "):
current = line.split(maxsplit=1)[1]
continue
match = IP_ADDRESS_RE.match(line)
if current and match:
ip = match.group("ip")
mask = match.group("mask")
network = ipaddress.ip_interface(f"{ip}/{mask}").network
results.append({"interface": current, "ip": ip, "network": str(network)})
return results
def find_duplicate_ips(config: str) -> list[str]:
ips = [entry["ip"] for entry in extract_interfaces(config)]
counts = Counter(ips)
return sorted(ip for ip, count in counts.items() if count > 1)
def find_subnet_overlaps(config: str) -> list[tuple[str, str]]:
networks = [ipaddress.ip_network(entry["network"]) for entry in extract_interfaces(config)]
overlaps = []
for index, left in enumerate(networks):
for right in networks[index + 1:]:
if left.overlaps(right):
overlaps.append((str(left), str(right)))
return overlaps
Parse VTY blocks by section so access-class checks do not spill across unrelated lines.
import re
def iter_blocks(config: str, starts_with: str) -> list[str]:
blocks = []
current: list[str] = []
for line in config.splitlines():
if line.startswith(starts_with):
…
Conduct multi-source web research and produce cited, source-attributed reports.
Audit, plan, and implement SEO improvements for better search visibility.
Unify multi-channel notifications for routing, deduplication, escalation, and inbox consolidation.
Fetches up-to-date framework docs for setup, APIs, and code examples.
Refine retrieved context iteratively to improve subagent understanding and output quality.
Design adaptive agent workflows with eval gates and reusable skill extraction.
Checks homelab network readiness before VLAN, DNS, firewall, or VPN changes.
Design layered validation across data flows to prevent bugs and security issues.
Validate Azure deployment readiness across config, infrastructure, identities, and permissions.
Helps teams verify deployment readiness, risks, and rollback plans before release.
Validate external inputs to prevent errors, failures, and security issues.
Automatically profile data, infer validation rules, and generate health scores.