Unikraft Cloud Sandbox

by procub3r · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 104
Stars: 0
Active Installs: 0
Versions: 2
Install in OpenClaw
/install unikraft-sandbox
Description
Run agent tasks inside an isolated Unikraft Cloud (UKC) sandbox VM. Use when the agent needs a clean, isolated execution environment — e.g. running untrusted...
Usage Guidance
This skill appears to implement a real UKC sandbox workflow, but there are important mismatches and operational risks you should consider before installing:
- Manifest vs runtime mismatch: the registry metadata lists no required environment variables or binaries, but the SKILL.md and scripts require UKC_TOKEN, UKC_METRO, UKC_USER, UKC_SANDBOX_IMAGE and host tools (curl, jq, ssh-keygen, ssh, rsync, openssl, node). Treat the SKILL.md as authoritative and ensure these exist.
- Sensitive token risk: UKC_TOKEN is a bearer token able to manage instances. Only provide a minimal-scope, revocable token and understand that the skill will use it to create and delete instances via your UKC_METRO endpoint.
- Private key lifecycle: create-sandbox.sh writes an SSH private key to /tmp/<sandbox-name>/id_ed25519 and delete-sandbox.sh removes that directory only when you run it. If you fail to delete the sandbox, the private key and instance may persist — remember to delete sessions to remove the key and instance.
- Destructive sync: sync-to-sandbox.sh uses rsync --delete; files on the remote /workspace that don't exist locally will be removed. Do not rely on persistent data on the sandbox unless you know the sync behavior.
- Data exposure on sandbox: anything you sync or run in the sandbox (including secrets) will be present on that remote VM while it exists. Avoid syncing credentials or other sensitive data unless you're certain the UKC provider and image are trusted.
- Binaries and dependencies: confirm the host environment has curl, jq, ssh-keygen, ssh, rsync, openssl and node available and that their versions/behaviors are acceptable; the skill does not declare these requirements.
If you still want to use it: provide a minimal-scoped UKC_TOKEN, verify and test create/delete on a disposable account, and ensure you always run the delete-sandbox.sh step to remove keys and instances.
If possible, request the publisher to update the registry metadata to declare the required env vars and required host binaries to remove the manifest incoherence.
Capability Analysis
Type: OpenClaw Skill
Name: unikraft-sandbox
Version: 1.1.0
The unikraft-sandbox skill is a legitimate tool for managing isolated Unikraft Cloud (UKC) virtual machines. It provides scripts for provisioning instances (create-sandbox.sh), executing commands via a dedicated Node.js wrapper (exec-sandbox.js), and synchronizing files using rsync over TLS-wrapped SSH (sync-to-sandbox.sh). The skill follows security best practices by generating per-session SSH keys in /tmp and using official UKC API patterns (api.unikraft.io). No evidence of data exfiltration, unauthorized persistence, or malicious prompt injection was found.
Capability Assessment
Purpose & Capability
The SKILL.md and bundled scripts clearly require UKC credentials (UKC_TOKEN, UKC_METRO, UKC_USER, UKC_SANDBOX_IMAGE) and perform UKC API calls to create/delete instances; however the registry metadata lists no required environment variables. That metadata omission is an incoherence: the skill legitimately needs the listed UKC env vars, so the manifest is incomplete/misleading.
Instruction Scope
Instructions explicitly create SSH keypairs under /tmp, persist a private key and FQDN there, perform file syncs (rsync) and remote command execution (exec API or SSH), and warn that sync-to-sandbox.sh uses --delete. Those operations are expected for a sandbox but are consequential: files and secrets from the local session will be uploaded to the sandbox (and deletions on the remote can occur on sync), private keys are stored on disk until deletion, and the scripts assume binaries and tools that are not declared. No instructions ask for unrelated host data, but the destructive sync + private key lifecycle and missing binary declarations are notable.
Install Mechanism
This is instruction-only with shipped scripts (no package downloads or external installers). That limits install-time risk. However the scripts rely on host binaries (curl, jq, ssh-keygen, ssh, rsync, openssl, node) that the metadata does not declare; the absence of an install spec is reasonable, but the missing required-binaries declarations are an operational/incoherence issue.
Credentials
The skill requires a bearer token (UKC_TOKEN) and UKC_METRO base URL to create/delete instances — these are necessary for the stated purpose. But the registry claimed no required env vars, so the manifest underdeclares sensitive credentials. Also UKC_TOKEN is powerful (it can list/create/delete instances) — users should ensure the token has minimal privileges and that storing it in environment variables is acceptable. UKC_USER is declared in SKILL.md but not clearly used in scripts; that's another small inconsistency.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config changes, and limits persistent state to /tmp/<sandbox-name> (SSH keys, fqdn). It does create and delete remote cloud instances (expected) but does not modify other skills. The agent's ability to invoke the skill autonomously is the default and not by itself a red flag.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install unikraft-sandbox
  3. After installation, invoke the skill by name or use /unikraft-sandbox
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
unikraft-sandbox 1.1.0
- Improved sandbox creation: now checks for existing sandbox names and errors if a name is reused.
- Updated file synchronization details: local → sandbox sync uses a destructive method (`--delete`), warning users that files not present locally will be deleted from the sandbox.
- SSH instructions now use an `openssl s_client` proxy for connections.
- Removed outdated notes about script TODO stubs.
- Clarified and streamlined procedure steps and usage notes.
v1.0.0
Initial release of unikraft-sandbox 1.0.0:
- Runs tasks inside an isolated Unikraft Cloud (UKC) VM sandbox for each session.
- Intended for running untrusted code, testing scripts, or reproducing build issues in isolation.
- Triggers on phrases like "run this in a sandbox" or any request for an isolated environment.
- Requires environment variables: UKC_TOKEN, UKC_METRO, UKC_USER, and UKC_SANDBOX_IMAGE.
- Provides scripts for sandbox lifecycle: create, sync, execute, and delete.
- Handles missing prerequisites and common error scenarios with clear user prompts.
Metadata
Slug unikraft-sandbox
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Unikraft Cloud Sandbox?

Run agent tasks inside an isolated Unikraft Cloud (UKC) sandbox VM. Use when the agent needs a clean, isolated execution environment — e.g. running untrusted... It is an AI Agent Skill for Claude Code / OpenClaw, with 104 downloads so far.

How do I install Unikraft Cloud Sandbox?

Run "/install unikraft-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Unikraft Cloud Sandbox free?

Yes, Unikraft Cloud Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Unikraft Cloud Sandbox support?

Unikraft Cloud Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Unikraft Cloud Sandbox?

It is built and maintained by procub3r (@procub3r); the current version is v1.1.0.
