← Back to Skills Marketplace
73
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install alfred-openshell-sandbox
Description
Provides isolated sandboxes using NVIDIA OpenShell for secure code execution, security scans, debugging, and test running with resource and network restricti...
README (SKILL.md)
OpenShell Sandbox Skill
Secure execution environment for specialist agents using NVIDIA OpenShell.
Overview
OpenShell provides sandboxed containers with Landlock LSM + seccomp + network namespaces + L7 policy engine. Each specialist agent gets an isolated sandbox for safe code execution.
Sandboxes Available
| Sandbox | Agent | Purpose | Status |
|---|---|---|---|
coder-sandbox |
coder | Code execution, builds, tests | Ready |
security-sandbox |
security | Pentesting, security scans | Ready |
debug-sandbox |
debug | Bug reproduction, diagnosis | Ready |
test-sandbox |
qa-tester | Test execution | Ready |
CLI Reference
# List all sandboxes
openshell sandbox list
# Execute command in sandbox
openshell sandbox exec -n \x3Csandbox-name> -- \x3Ccommand> [args...]
# Interactive shell
openshell sandbox connect -n \x3Csandbox-name>
# Create new sandbox
openshell sandbox create --name \x3Cname>
# Delete sandbox
openshell sandbox delete \x3Cname>
# View logs
openshell logs -n \x3Csandbox-name>
# Gateway status
openshell status
# Diagnose issues
openshell doctor check
Agent Integration
For Coder Agent
When executing code that could affect the host system:
# Instead of running locally:
python3 script.py
# Run in sandbox:
openshell sandbox exec -n coder-sandbox -- python3 /workspace/script.py
For Security Agent
When running security tools or scans:
# Run nmap, nikto, etc. in isolated sandbox
openshell sandbox exec -n security-sandbox -- nmap -sV target
For Debug Agent
When reproducing bugs or testing fixes:
openshell sandbox exec -n debug-sandbox -- node test.js
For QA-Tester
When running test suites:
openshell sandbox exec -n test-sandbox -- pytest tests/
File Transfer
To copy files between host and sandbox:
# Copy file INTO sandbox (via exec cat)
cat local_file.py | openshell sandbox exec -n coder-sandbox -- tee /workspace/local_file.py
# Copy file FROM sandbox
openshell sandbox exec -n coder-sandbox -- cat /workspace/result.txt > local_result.txt
Policies
Default policies apply L7 network restrictions. To view/modify:
openshell policy list
Resource Limits
- CPU: Shared with host (24GB RAM server)
- Network: Restricted by L7 policy (no outbound by default)
- Disk: Ephemeral (deleted with sandbox)
- Timeout: 30 min default per exec command
Troubleshooting
- Sandbox not found: Run
openshell sandbox listto check status - Gateway down: Run
openshell statusandopenshell doctor check - Permission denied: Sandboxes run as unprivileged user
- Network blocked: Default policy denies outbound; use
openshell policyto modify
Architecture
Host (Ubuntu ARM64)
└── OpenShell Gateway (Docker + k3s)
├── coder-sandbox (aarch64, Python 3.13, Node 22)
├── security-sandbox (aarch64)
├── debug-sandbox (aarch64)
└── test-sandbox (aarch64)
Version
- OpenShell CLI: 0.0.35
- Base image: ghcr.io/nvidia/openshell-community/sandboxes/base:latest
- Platform: aarch64 (ARM64)
Usage Guidance
This is an instruction-only skill that documents how to use an existing NVIDIA OpenShell installation. Before installing or using it: (1) Verify you actually have the 'openshell' CLI and gateway reachable from the agent (the SKILL.md assumes this but the metadata does not declare it). (2) Confirm the OpenShell gateway and base image (ghcr.io/nvidia/openshell-community/...) are from a trusted source and up-to-date, and inspect their manifest/content if possible. (3) Validate sandbox isolation (Landlock/seccomp/L7 policies) in your environment — the skill will run arbitrary commands inside sandboxes and can copy host files into them, so a misconfigured gateway could leak host data. (4) Be cautious about running network scans or pentesting commands (legal/ethical considerations and possible outbound network requirements). (5) If you want this skill to be safer, request the author add explicit required-binaries and environment preconditions (openshell CLI presence, gateway URL/credentials if needed) and include provenance/homepage/source information.
Capability Analysis
Type: OpenClaw Skill
Name: alfred-openshell-sandbox
Version: 1.0.0
The skill bundle provides documentation for 'OpenShell,' a sandboxing utility designed for secure code execution. The SKILL.md file contains standard CLI instructions for managing isolated environments (e.g., openshell sandbox exec) and lacks any indicators of malicious intent, data exfiltration, or prompt injection attacks.
Capability Assessment
Purpose & Capability
The name/description (providing OpenShell sandboxes) matches the SKILL.md content: commands, sandboxes, policies and examples are consistent with that purpose. However, the skill metadata declares no required binaries or install steps even though every runtime example requires an 'openshell' CLI and an OpenShell gateway; that undeclared dependency is an incoherence.
Instruction Scope
The SKILL.md confines actions to managing and running commands inside sandboxes (exec, connect, policy, logs). It does not instruct reading unrelated host files or environment variables. It does show file copy patterns (cat | exec tee) which legitimately transfer host data into sandboxes — this is expected for the stated purpose but means host files can be exposed to sandboxes if used.
Install Mechanism
No install spec is present (instruction-only), which minimizes disk writes or hidden downloads. This is coherent for a skill that simply documents how to use an existing OpenShell installation — but the skill should have declared that the 'openshell' binary and gateway must be present and reachable.
Credentials
The skill requests no environment variables or credentials, which is proportional. However, it implicitly requires agent access to an OpenShell gateway/CLI and network access to targets for scans; those runtime privileges are not declared. Also it references a base image (ghcr.io/nvidia/openshell-community/...) — you should validate that image and the gateway's configuration before trusting sandbox isolation.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or system-wide configuration changes. It does not attempt to modify other skills' configs in the instructions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install alfred-openshell-sandbox - After installation, invoke the skill by name or use
/alfred-openshell-sandbox - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial: 4 sandboxes (coder, security, debug, qa-tester), CLI reference, agent integration guide
Metadata
Frequently Asked Questions
What is Alfred OpenShell Sandbox?
Provides isolated sandboxes using NVIDIA OpenShell for secure code execution, security scans, debugging, and test running with resource and network restricti... It is an AI Agent Skill for Claude Code / OpenClaw, with 73 downloads so far.
How do I install Alfred OpenShell Sandbox?
Run "/install alfred-openshell-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Alfred OpenShell Sandbox free?
Yes, Alfred OpenShell Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Alfred OpenShell Sandbox support?
Alfred OpenShell Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Alfred OpenShell Sandbox?
It is built and maintained by lJokerl (@lllljokerllll); the current version is v1.0.0.
More Skills