← Back to Skills Marketplace
841
Downloads
0
Stars
2
Active Installs
2
Versions
Install in OpenClaw
/install sandboxer-tmux
Description
Dispatch coding tasks to tmux sessions via Sandboxer. Use when you need to spawn Claude Code, Gemini, OpenCode, bash, or lazygit sessions in workspace repos, monitor their progress, or send them commands.
Usage Guidance
This skill is coherent with its stated goal (controlling tmux sessions and repo workspaces), but it requires trusting a high‑privilege, unauthenticated local service that can run commands and read/write files under /root. Only install/use on a dedicated, fully isolated machine you control. Before enabling: verify the actual Sandboxer server implementation (source code, auth options), restrict access to localhost and firewall outbound callbacks, avoid running as root if possible, limit agent autonomy, and do not use it on shared or production hosts. The notify_url feature can leak session output to external endpoints — treat it as a potential exfiltration vector unless you control the callback endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: sandboxer-tmux
Version: 1.0.1
This skill is highly suspicious due to its extremely broad capabilities and the explicit instructions for its use. It provides full shell access (`type=bash`), arbitrary command execution (`/api/send`), and file read/write access (`/api/workspace/W/file/PATH`) via an unauthenticated API exposed on `localhost:8081`. The `SKILL.md` explicitly states it grants 'full access to tmux sessions, workspace files, and terminal output on your server' and is 'Intended for dedicated AI machines where agents run with root access.' While these capabilities might align with its stated purpose of dispatching coding tasks, they create a massive attack surface, enabling full system compromise if the agent or the local machine is compromised. The lack of authentication on localhost for such powerful operations is a critical vulnerability.
Capability Assessment
Purpose & Capability
The name/description (dispatch tasks to tmux sessions / Sandboxer) align with the API endpoints and workspace operations described in SKILL.md. Access to workspace repos, tmux sessions, and commit APIs is consistent with the stated purpose.
Instruction Scope
SKILL.md instructs agents to read/write files under /root/workspaces, spawn and control shells (send keystrokes), capture full terminal output, and auto‑commit changes. Those actions go far beyond simple metadata queries: they allow arbitrary command execution and reading/writing repository contents. The doc also documents a POST create with notify_url (external callback) which could be used to exfiltrate data.
Install Mechanism
Instruction-only skill with no install spec or code files. That reduces risk from hidden installers or downloaded artifacts; nothing will be written/installed by the skill package itself.
Credentials
The skill declares no env vars or credentials, but the instructions presume an unauthenticated Sandboxer service on localhost:8081 and a workspace rooted at /root/workspaces (explicitly intended for agents running as root). Lack of any authentication requirement in the instructions is a notable security omission for a service that exposes powerful filesystem and command capabilities.
Persistence & Privilege
always:false (good), but the platform default allows autonomous invocation. Combined with the skill's ability to run arbitrary commands, read/write files under /root, capture terminal output, and trigger external notify_url callbacks, autonomous invocation increases risk. The skill does not request persistent installation, but its runtime privileges are high.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sandboxer-tmux - After installation, invoke the skill by name or use
/sandboxer-tmux - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Add power-user disclaimer
v1.0.0
Initial release of Sandboxer — tmux task dispatcher
- Launch, monitor, and control coding sessions (Claude Code, Gemini, OpenCode, bash, lazygit) in workspace repositories via tmux.
- Provides simple REST API for creating sessions, sending tasks, monitoring progress, capturing output, and killing sessions.
- Manages agent workspaces and project repos with clear Git integration rules.
- Offers endpoints for listing workspaces, repos, file trees, and reading/writing files.
- Supports automatic notification webhook on session completion via `notify_url`.
Metadata
Frequently Asked Questions
What is Skill?
Dispatch coding tasks to tmux sessions via Sandboxer. Use when you need to spawn Claude Code, Gemini, OpenCode, bash, or lazygit sessions in workspace repos, monitor their progress, or send them commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 841 downloads so far.
How do I install Skill?
Run "/install sandboxer-tmux" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill free?
Yes, Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill support?
Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill?
It is built and maintained by chriopter (@chriopter); the current version is v1.0.1.
More Skills