← Back to Skills Marketplace

Powershell Sandbox

Name: Powershell Sandbox
Author: yuyonghao-123

by yuyonghao-123 · GitHub ↗ · v0.1.0 · MIT-0

cross-platform ⚠ suspicious

110

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install powershell-sandbox

Description

在受限 PowerShell 环境中安全执行脚本，支持命令白名单、超时控制、输出限制、文件隔离和执行前安全检查。

Usage Guidance

Do not install or run this skill as-is. Before trusting it: (1) ask the publisher/source for the actual sandbox implementation (src/sandbox.ps1) and confirm it is present; (2) review the sandbox.ps1 code to verify command/.NET-type filtering, file-path isolation, and job-based termination are implemented securely and cannot be trivially bypassed; (3) verify runtime requirements (PowerShell version, OS) and that your agent environment meets them; (4) test the implementation in an isolated VM with no network access and inspect audit logs for behavior; (5) avoid using the -AllowNetwork option unless you have audited the code; (6) be skeptical of the included TEST_RESULTS.md until you can reproduce those tests against the real code. These inconsistencies could be an oversight or a sign of incomplete/mispackaged skill — proceed only after obtaining and reviewing the actual implementation.

Capability Analysis

Type: OpenClaw Skill Name: powershell-sandbox Version: 0.1.0 The skill bundle provides a PowerShell execution environment, which is an inherently high-risk capability. While the documentation in SKILL.md describes robust security features such as command whitelisting, .NET type restrictions, and timeout controls, the core implementation file (src/sandbox.ps1) is missing from the provided content, making these security claims unverifiable. The inclusion of a high-risk '-AllowNetwork' parameter and the inherent nature of shell access align with the criteria for a suspicious classification.

Capability Assessment

⚠ Purpose & Capability

SKILL.md and package.json describe and document a runnable PowerShell sandbox (src/sandbox.ps1, tests, etc.) but the package contains no code files—only documentation. The skill also claims to target PowerShell 5.1+/7+ yet the metadata declares no required binaries or OS restriction. An agent would need PowerShell installed to fulfill the stated purpose; the absence of declared runtime requirements and the missing sandbox implementation are incoherent with the described capability.

ℹ Instruction Scope

The instructions describe scanning script contents, enforcing command and .NET-type whitelists, running scripts as PowerShell jobs, enforcing timeouts, truncating output, and writing audit logs to a local path. These runtime actions are broadly consistent with the stated goal. However, the doc-level instructions direct the agent to exec a local sandbox script (path shown) that does not exist in the package; the pre-execution scanning approach described could be bypassed by obfuscation or dynamic code constructs (IEX is explicitly forbidden, but other vectors exist). The doc also instructs writing audit logs to '.learnings/sandbox-log.md' (writing to disk) which is reasonable for auditing but should be validated.

ℹ Install Mechanism

There is no install spec (instruction-only), which minimizes install-time risk. However, package.json declares 'main': 'src/sandbox.ps1' and tests, yet those files are absent from the package. This discrepancy is suspicious: the package claims a runnable entrypoint and passing tests but provides only documentation.

✓ Credentials

The skill requests no environment variables or credentials, which is proportionate for a local sandbox. One caution: the skill exposes an '-AllowNetwork' option that, if used, permits network access; enabling it increases risk and should be avoided unless absolutely necessary and validated. The documentation's recommended behaviors (no external interfaces, use sandbox for untrusted code) align with the lack of credentials.

✓ Persistence & Privilege

The skill does not request persistent or system-wide privileges; flags show always:false and normal model invocation behavior. It does recommend creating local audit logs but does not claim to modify other skills or system configs. No elevated privileges are requested in metadata.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install powershell-sandbox
After installation, invoke the skill by name or use /powershell-sandbox
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.0

PowerShell 脚本安全沙箱初始发布： - 支持命令白名单/黑名单和 .NET 类型限制 - 执行前自动进行危险命令与类型安全检查 - 超时保护（Job 机制），防止脚本长时间运行 - 输出行数与字符数限制，防止日志炸弹 - 文件操作严格限定于工作目录，防止越权访问 - 全流程审计日志与标准退出代码

Metadata

Slug powershell-sandbox

Version 0.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Powershell Sandbox?

在受限 PowerShell 环境中安全执行脚本，支持命令白名单、超时控制、输出限制、文件隔离和执行前安全检查。 It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.

How do I install Powershell Sandbox?

Run "/install powershell-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Powershell Sandbox free?

Yes, Powershell Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Powershell Sandbox support?

Powershell Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Powershell Sandbox?

It is built and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.0.

More Skills