← Back to Skills Marketplace
edmonddantesj

AOI Sandbox Shield (Lite)

by edmonddantesj · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
870
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install aoi-sandbox-shield-lite
Description
Creates snapshots of critical config files, validates JSON configs for syntax and keys, and generates audit logs without applying changes.
README (SKILL.md)

AOI Sandbox Shield (Lite)

S-DNA: AOI-2026-0215-SDNA-SS02

What this is

A public-safe subset of “sandbox shield” focused on:

  • creating snapshots of critical workspace/config files
  • validating JSON config files (syntax + required keys)
  • producing an audit log artifact you can attach to release notes

What this is NOT (by design)

  • Does not apply configs
  • Does not restart gateways
  • Does not modify cron
  • Does not send messages externally

Commands

Create snapshot

node skill.js snapshot --reason="before publishing"

Validate config JSON (syntax + required keys)

node skill.js validate-config --path="$HOME/.openclaw/openclaw.json"

Output

All commands print JSON to stdout for easy logging.

Release governance (public)

We publish AOI skills for free and keep improving them. Every release must pass our Security Gate and include an auditable changelog. We do not ship updates that weaken security or licensing clarity. Repeated violations trigger progressive restrictions (warnings → publish pause → archive).

Support

Links

License

MIT (AOI original).

Usage Guidance
This skill appears to do what it claims: create local snapshots of files in your OpenClaw workspace and validate a JSON config, and it does not contact external endpoints or ask for credentials. Before installing, verify you are comfortable with files being copied into ~/.openclaw/workspace/.sandbox_snapshots_lite (check ownership and permissions), ensure you have a Node runtime available (SKILL.md shows running with 'node'), and review snapshot contents before sharing them (they include file contents' hashes and copies of files such as AGENTS.md, SOUL.md, etc., which could contain sensitive data). Also note the registry metadata omits 'node' under required binaries and the skill's source/homepage in the manifest is minimal — if provenance is important, verify the GitHub/ClawHub links in SKILL.md and confirm you trust that publisher.
Capability Analysis
Type: OpenClaw Skill Name: aoi-sandbox-shield-lite Version: 0.1.2 The `skill.js` file contains a `validateConfig` function that reads the content of an arbitrary file path provided via the `--path` argument using `fs.readFileSync`. While the stated purpose is to validate JSON, this capability allows reading any file the process has permissions for. The file content (or parsing error) is then printed to `stdout`. This creates an information disclosure vulnerability, as an attacker could potentially use prompt injection against the OpenClaw agent to read sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and capture the output, even though the skill itself does not perform external data exfiltration. This is a risky capability without clear malicious intent within the code itself.
Capability Assessment
Purpose & Capability
Name/description promise snapshot + JSON validation and the code implements that: it reads specific files under the user's ~/.openclaw workspace, computes SHA-256 hashes, copies present files into a snapshot directory, and validates a provided JSON config for required keys. There are no extraneous service credentials, network calls, or unrelated binaries required by the implementation.
Instruction Scope
SKILL.md instructs running node skill.js for snapshot and validate-config; the code implements only local reads and writes under the user's home workspace and prints JSON to stdout. Minor note: SKILL.md doesn't explicitly state where snapshots are stored (the code creates ~/.openclaw/workspace/.sandbox_snapshots_lite), so users should expect on-disk snapshots in that location.
Install Mechanism
No install spec; instruction-only usage plus a single JS file. No external downloads or package installs are performed. The skill requires a Node runtime to run (SKILL.md examples use node), but the registry metadata did not list 'node' under required binaries — this is a small metadata mismatch but not malicious.
Credentials
The skill declares no required environment variables or credentials and indeed accesses only filesystem paths under the user's home. It does not request or read unrelated environment variables or secrets.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent configuration. It writes snapshot files into a subdirectory of the user's workspace (~/.openclaw/workspace/.sandbox_snapshots_lite), which is within its stated scope.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install aoi-sandbox-shield-lite
  3. After installation, invoke the skill by name or use /aoi-sandbox-shield-lite
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Docs: add GitHub Issues support link (aoi-skills).
v0.1.1
Docs: add release governance snippet + ClawHub link. Add MIT LICENSE file.
v0.1.0
Initial public-safe release: snapshot+validate only (no apply/restart/cron/messaging). MIT.
Metadata
Slug aoi-sandbox-shield-lite
Version 0.1.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is AOI Sandbox Shield (Lite)?

Creates snapshots of critical config files, validates JSON configs for syntax and keys, and generates audit logs without applying changes. It is an AI Agent Skill for Claude Code / OpenClaw, with 870 downloads so far.

How do I install AOI Sandbox Shield (Lite)?

Run "/install aoi-sandbox-shield-lite" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AOI Sandbox Shield (Lite) free?

Yes, AOI Sandbox Shield (Lite) is completely free (open-source). You can download, install and use it at no cost.

Which platforms does AOI Sandbox Shield (Lite) support?

AOI Sandbox Shield (Lite) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created AOI Sandbox Shield (Lite)?

It is built and maintained by edmonddantesj (@edmonddantesj); the current version is v0.1.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments