← Back to Skills Marketplace
Multi-Agent Sandbox
by
Erwan Lee Pesle
· GitHub ↗
· v1.0.0
371
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install multi-agent-sandbox
Description
Setup multi-agent sandbox infrastructure with Docker, Discord, SSH, and Tailscale. Use when: (1) creating a sandboxed agent for cross-gateway collaboration,...
Usage Guidance
This skill appears to do what it says, but it requires you to make host‑level, persistent changes (systemd services, firewall rules, network bridges) and to give sandbox agents many powerful capabilities (exec/process, sessions_send). Before installing: (1) only run this on a dedicated host or VM you control; do not use your main agent host; (2) restrict socat binds to the smallest necessary IPs and verify the exact unit files before enabling them; (3) use per‑agent Discord bot tokens with minimal scopes and do not reuse main agent credentials; (4) limit sandbox tool allowlists — remove exec/process or reduce workspace access if possible; (5) use Tailscale ACLs/exit node settings to restrict routes and audit connections; (6) rebuild and inspect the sandbox Docker image locally (avoid pulling unvetted images); and (7) log and monitor the created services and network flows so you can quickly revoke access. If you are unsure about any host commands or the source of this skill, ask the author for justification, a threat model, or a reviewed implementation before proceeding.
Capability Analysis
Type: OpenClaw Skill
Name: multi-agent-sandbox
Version: 1.0.0
The skill bundle provides a detailed architectural guide and configuration templates for setting up a multi-agent sandbox environment using Docker, Discord, and Tailscale. The instructions in SKILL.md focus on legitimate infrastructure setup, including socat-based networking bridges to allow sandboxed containers to access a shared VPS via the host's Tailscale connection. The provided agent configurations include proactive security measures such as read-only root filesystems and explicit tool allowlists/denylists, showing no signs of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The SKILL.md describes exactly the advertised purpose: creating Docker sandbox agents that communicate cross‑gateway via Discord, socat bridges, and Tailscale. The requested actions (adding SSH client to the image, creating socat bridges, configuring Tailscale, and per-agent allowlists) are consistent with that purpose. However, some required host actions (systemd services and firewall rules) are high privilege — they are explainable by the stated architecture but are substantial and should be expected only if you intend to modify host networking.
Instruction Scope
The runtime instructions direct the operator to perform host‑level changes: create systemd units, modify ufw rules, bind network listeners on the host's docker0 interface, and rebuild/force‑remove containers. They also instruct enabling powerful sandbox tools (exec, process, read, write, apply_patch, sessions_send, sessions_spawn). These steps go beyond simply configuring an isolated container and create persistent bridging paths between containers, host, VPS, and external gateways — increasing the risk of unintended data exposure or lateral access if misconfigured.
Install Mechanism
This is an instruction‑only skill (no install spec, no code files), so there is no automated download or archive extraction risk from the skill itself. The risk comes from the manual commands it instructs you to run on your systems.
Credentials
The skill requires external credentials and services in practice (Discord bot tokens, a Tailscale network, and a shared VPS) but declares no required environment variables in metadata. Asking operators to provision Discord bot tokens and Tailscale is reasonable for the described feature, but the skill also recommends enabling many powerful agent tools and cross‑agent allowlists, increasing the chance of sensitive data flow. The absence of declared env vars is an inconsistency that reduces transparency.
Persistence & Privilege
The instructions create long‑running host services (systemd socat units) and firewall rules that persist beyond a single agent session, establishing continuous network bridges between local containers, host, and a remote VPS. Although the skill is not flagged 'always:true', these persistent host changes effectively grant ongoing network access and increase the blast radius if an agent or image is compromised. The skill also advocates wide tool permissions (sessions_spawn, sessions_send) which can create long‑lived A2A channels.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install multi-agent-sandbox - After installation, invoke the skill by name or use
/multi-agent-sandbox - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: sandboxed agents, Discord multi-bot, socat bridges, Tailscale mesh, per-agent A2A allowlists (PR #39102)
Metadata
Frequently Asked Questions
What is Multi-Agent Sandbox?
Setup multi-agent sandbox infrastructure with Docker, Discord, SSH, and Tailscale. Use when: (1) creating a sandboxed agent for cross-gateway collaboration,... It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.
How do I install Multi-Agent Sandbox?
Run "/install multi-agent-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Multi-Agent Sandbox free?
Yes, Multi-Agent Sandbox is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Multi-Agent Sandbox support?
Multi-Agent Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Multi-Agent Sandbox?
It is built and maintained by Erwan Lee Pesle (@superworldsavior); the current version is v1.0.0.
More Skills