
Tcb Sandbox

by RealAlexandreAI · GitHub ↗ · v0.3.11 · MIT-0
cross-platform ⚠ suspicious
441 Downloads · 0 Stars · 0 Active Installs · 20 Versions
Install in OpenClaw
/install tcb-sandbox
Description
Operate remote TRW workspaces via @tcb-sandbox/cli (HTTP/MCP client). The TRW npm package is not published publicly; the CLI embeds a production TRW build (`...
Usage Guidance
This skill is largely coherent for managing remote TRW workspaces, but review a few things before installing:
- Confirm the npm package source and trustworthiness of @tcb-sandbox/cli (check the package registry owner, published tarball contents, and homepage). If the package is private or from an unknown publisher, prefer to vet it first or run the CLI locally.
- Avoid supplying broad credentials in TCB_SANDBOX_HEADERS_JSON unless you trust the endpoint; that env var is referenced in the docs but not declared in metadata.
- Be aware the SKILL.md instructs the agent to log a high-risk notice and then proceed with destructive/PTY/bash actions without an interactive confirmation. If you plan to allow autonomous agent invocation, this means the agent could execute potentially destructive commands once it has the session id. Consider requiring explicit user confirmation in your workflow or disallowing autonomous runs for this skill.
- Ask the skill author (or inspect the CLI package) to resolve the minor inconsistencies: pnpm vs npm in bootstrap instructions and to declare any optional environment variables (like TCB_SANDBOX_HEADERS_JSON) in metadata.

If you cannot verify the package or do not want remote destructive operations to run without an explicit human confirmation, do not install or do not grant the session credentials to the skill.
Capability Analysis
Type: OpenClaw Skill
Name: tcb-sandbox
Version: 0.3.11

The skill provides a comprehensive interface for managing remote 'TRW' workspaces using the @tcb-sandbox/cli tool. It includes high-risk capabilities such as arbitrary shell execution (bash), pseudo-terminal management (pty-service), secret storage manipulation (secrets-store), and file system access (read/write/upload). While these capabilities are aligned with the stated purpose of workspace management and the instructions in SKILL.md include safety rules and redaction guidelines, the broad access to remote environments and the instruction to execute high-risk actions without interactive confirmation meet the threshold for a suspicious classification under the provided criteria.
Capability Assessment
Purpose & Capability
Name/description align with requirements: the skill manages TRW workspaces, declares the tcb-sandbox binary and session/endpoint env vars, and provides an npm install for @tcb-sandbox/cli which produces the expected binary. Requiring a session id and endpoint is proportionate for remote workspace operations.
Instruction Scope
SKILL.md mostly confines actions to the remote TRW workspace and explicitly forbids reading arbitrary local credentials. However, it (a) references an optional TCB_SANDBOX_HEADERS_JSON environment variable not declared in requires.env, and (b) instructs the agent to proceed with high-risk destructive or PTY/bash operations after logging a notice, without requiring an additional interactive confirmation. The latter enables autonomous destructive actions if the agent is invoked automatically.
Install Mechanism
Install uses a published npm package (@tcb-sandbox/[email protected]) which maps to the required binary — a reasonable mechanism. Minor mismatch: SKILL.md bootstrap suggests pnpm add -g while the install metadata lists a node/npm package; this is plausibly benign but inconsistent and worth confirming. No direct download URLs or archive extraction were present.
Credentials
The declared required env vars (TCB_SANDBOX_ENDPOINT, TCB_SANDBOX_SESSION_ID) are appropriate. However, SKILL.md permits an extra TCB_SANDBOX_HEADERS_JSON for gateway headers (not declared in metadata), which could carry additional sensitive tokens/headers; that undocumented optional variable increases risk if populated. Using TCB_SANDBOX_SESSION_ID as the primary credential is reasonable.
Persistence & Privilege
The skill does not request always:true, has no system config paths, and does not claim to modify other skills or global agent settings. It does allow autonomous invocation (platform default), which combined with the instruction to proceed after high-risk notices increases operational risk but is not a metadata privilege escalation by itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tcb-sandbox
  3. After installation, invoke the skill by name or use /tcb-sandbox
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.11
Upgrade the bundled CLI to 0.3.9; remove the outdated ERWA description; update the version referenced for installation.
v0.3.10
Sync with CLI improvements; pin @tcb-sandbox/[email protected]; update SDK integration.
v0.3.5
Pin [email protected] (TS 6 / vitest bump alignment).
v0.3.4
Document bash background process limitation; recommend PTY/tmux as reliable alternatives for long-running services.
v0.3.2
Add mcporter_cli tool playbooks; pin [email protected]; sync bash timeout default.
v0.3.1
Skill release: install pin [email protected]; MCP/mcporter playbooks; align with CLI release docs.
v0.2.3
tcb-sandbox v0.2.3
- Clarified PTY operation support: now explicitly includes read-output and resize actions.
- Minor edits and expansions to documentation for improved accuracy and completeness in SKILL.md.
- No changes to code or runtime behavior.
v0.2.2
Fix install metadata to use explicit CLI version [email protected] (no @latest).
v0.2.1
Align with latest tcb-sandbox-cli release and capability-first PTY workflow updates.
v0.1.10
- Safety confirmation for high-risk operations has been changed: now emits a high-risk action notice instead of requiring explicit user approval.
- The confirmation template section was updated to a "notice" template, and instructions to require/await user confirmation were removed.
- Instruction for destructive actions in Safety Rules now directs to log a high-risk notice and execute directly.
- No changes to CLI, commands, or general usage flows.
v0.1.9
- Updated CLI installation instructions: now recommends installing [email protected] via pnpm.
- Top-level tools are now preferred for secrets management (use `secrets set/get/list/delete`).
- Added PTY process management support (create/send_input/kill) as first-class operations.
- Updated high-risk operation confirmation template to include PTY lifecycle actions.
- Adjusted capability-first flow, introducing `capability_register` and clarifying execution routes.
- Refined examples and standard execution flow, emphasizing top-level HTTP tools for secrets, files, preview, and PTY operations.
v0.1.8
tcb-sandbox v0.1.8
- Updated installation instructions to require [email protected] (was latest).
- Adjusted metadata to reflect explicit CLI version and updated required environment variables.
- Added a note allowing TCB_SANDBOX_HEADERS_JSON as an optional extra header when required.
- Clarified bootstrap and setup steps for CLI installation and environment configuration.
v0.1.7
tcb-sandbox 0.1.7
- Added TCB_SANDBOX_HEADERS_JSON to required environment variables.
- Updated safety rules to prefer capability-based secret management via secrets-store.
- Updated execution flow to prefer capability management tools (capability_list, capability_invoke) for installing/using abilities.
- Expanded documentation with new playbooks for capability management and secrets via capability tools.
- Clarified that git archive via capability_invoke (git-archive) is the preferred workflow, with git_push as legacy support.
v0.1.6
tcb-sandbox 0.1.6
- Added Apache-2.0 license declaration to SKILL.md.
- Updated CLI installation instructions to use tcb-sandbox-cli@latest instead of a fixed version.
- Adjusted install metadata to reference the latest version of tcb-sandbox-cli.
- No functional changes to runtime behavior or commands.
v0.1.5
tcb-sandbox v0.1.5
- Updated to use and recommend [email protected] (was @0.1.0) for installation and runtime.
- SKILL.md clarified that `bash` mode is `execute` by default and documents how to use `mode=dry_run` for risk summaries and simulation.
- Minor skill naming and formatting improvements for consistency.
- No changes to functionality or core usage patterns.
v0.1.4
License update: switch skill package license to Apache-2.0 for enterprise alignment.
v0.1.3
Risk hardening: pin CLI install to [email protected] and add explicit high-risk confirmation template for bash and secrets operations.
v0.1.2
Security hardening: add SKILL frontmatter metadata for required env/binary and installer hints, restrict credential scope, and replace secret examples with explicit user-approved placeholders.
v0.1.1
Improve operator guidance with top use cases and lifecycle-aware troubleshooting for freeze/wake and TTL rotation scenarios.
v0.1.0
Initial release: session-affine TRW sandbox operation via tcb-sandbox-cli with safety-first workflows.
Metadata
Slug tcb-sandbox
Version 0.3.11
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 20
Frequently Asked Questions

What is Tcb Sandbox?

Operate remote TRW workspaces via @tcb-sandbox/cli (HTTP/MCP client). The TRW npm package is not published publicly; the CLI embeds a production TRW build (`... It is an AI Agent Skill for Claude Code / OpenClaw, with 441 downloads so far.

How do I install Tcb Sandbox?

Run "/install tcb-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Tcb Sandbox free?

Yes, Tcb Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Tcb Sandbox support?

Tcb Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Tcb Sandbox?

It is built and maintained by RealAlexandreAI (@realalexandreai); the current version is v0.3.11.
