← Back to Skills Marketplace
732
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install astra-docker
Description
Interact with Astra's Docker container workspace by executing commands and reading or writing files at /workspace inside the astra-env container.
README (SKILL.md)
cat \x3C\x3C'EOF' > ~/.openclaw/workspace/skills/astra-docker/SKILL.md
name: astra-docker description: "Execute commands, read files, and write files in Astra's Docker container workspace (astra-env). Use this skill whenever you need to interact with your virtual environment at /workspace."
Docker Workspace Access
You have a persistent Docker container called astra-env with a workspace mounted at /workspace.
How to Use
Use the bash tool to run commands inside the container:
Execute a command
sudo docker exec -w /workspace astra-env bash -c "YOUR_COMMAND_HERE"
Usage Guidance
This skill runs arbitrary shell commands inside a container using 'sudo docker exec' and can read/write files in /workspace. Before installing: (1) confirm you trust the environment and the container name 'astra-env' exists; (2) understand that it requires access to the docker daemon (sudo) even though the metadata doesn't declare that—this is effectively elevated local privilege; (3) review index.js yourself for unsafe quoting/escape edge cases and consider restricting allowed commands or paths; (4) do not install on machines with sensitive mounts or exposed host docker socket unless you fully trust the skill and its maintainer. If you need only a narrow set of operations, prefer a version that limits commands or declares required binaries/permissions explicitly.
Capability Analysis
Type: OpenClaw Skill
Name: astra-docker
Version: 1.0.0
The skill is classified as suspicious due to multiple shell injection vulnerabilities in `index.js`. Both the `docker_exec` and `docker_write_file` tools construct shell commands using user-provided input (`command`, `workdir`, `filepath`) without adequate sanitization, allowing an attacker or a misbehaving agent to execute arbitrary commands inside the `astra-env` Docker container. While the skill's stated purpose is to interact with a Docker container, these vulnerabilities represent a significant security risk, even though there is no clear evidence of intentional malicious behavior (e.g., data exfiltration or backdoor installation).
Capability Assessment
Purpose & Capability
The skill's stated purpose is to interact with an Astra Docker workspace at /workspace (reasonable). However the skill implicitly requires access to the docker daemon (it runs 'sudo docker exec ...') and the presence of a container named 'astra-env'—none of which are declared in the registry metadata (no required binaries or config). That mismatch between claimed requirements and actual capabilities is incoherent.
Instruction Scope
SKILL.md and index.js both instruct the agent to execute arbitrary shell commands inside the container and to write arbitrary files into the workspace. While that fits the stated goal of workspace interaction, it also gives the skill the ability to read and transmit any data accessible inside the container (and, depending on mounts, on the host). The instructions give broad discretion (run any command) without constraints, increasing risk of exfiltration or unintended host effects.
Install Mechanism
There is no install spec (instruction-only with a code file present). No external downloads or install steps are specified, which is lower risk from an installation perspective. The included index.js is a small module that invokes child_process.exec; its presence is expected for this functionality.
Credentials
The skill declares no required environment variables or credentials, but it depends on sudo and docker socket access to run commands as root in a container. Requesting no declared binaries/credentials while requiring elevated local privileges is disproportionate and under-specified. No safeguards or explicit consent prompts are described.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide configuration changes. The skill can be invoked autonomously (default), which increases blast radius if abused, but that alone is not a disqualifier—there are no additional privileged persistence claims.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install astra-docker - After installation, invoke the skill by name or use
/astra-docker - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of astra-docker skill.
- Enables executing commands, reading, and writing files inside Astra's Docker container workspace at /workspace.
- Provides usage instructions for accessing the virtual environment using the bash tool.
Metadata
Frequently Asked Questions
What is Astra Docker?
Interact with Astra's Docker container workspace by executing commands and reading or writing files at /workspace inside the astra-env container. It is an AI Agent Skill for Claude Code / OpenClaw, with 732 downloads so far.
How do I install Astra Docker?
Run "/install astra-docker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Astra Docker free?
Yes, Astra Docker is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Astra Docker support?
Astra Docker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Astra Docker?
It is built and maintained by walniek (@walniek); the current version is v1.0.0.
More Skills