Code Sandbox

by yuyonghao-123 · GitHub ↗ · v0.1.0 · MIT-0
cross-platform · ⚠ suspicious
141 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw: /install yuyonghao-code-sandbox
Description
Secure sandbox for executing Node.js, Python, Go, and Rust code with timeout, CPU, and isolated temporary directory constraints.
Usage Guidance
This package is a prototype sandbox that runs user code by writing files and executing them via shell commands. Don't run untrusted code with it on any machine that holds secrets — the code intentionally (and by default) passes the host environment to child processes and has no network or filesystem isolation or enforced memory limits. If you consider installing or using it:
- Do not enable autonomous invocation for agents that have this skill without strict controls.
- Audit and remove exposure of sensitive environment variables before running (or run the sandbox with a deliberately empty env for child processes). Specifically, change the child-process env to a minimal whitelist (not ...process.env).
- Prefer running in a container/VM (Docker or isolated VM) with network disabled and resource quotas if you need to execute untrusted code.
- Review and harden executeWithTimeout behavior (exec spawns a shell; killing it may not kill grandchildren). Consider spawn with no shell, or use a container runtime and process supervision.
- Because the SKILL.md itself warns this is not suitable for untrusted code, treat the project as experimental.
If you cannot accept the risk of environment leakage or arbitrary process execution, do not install or run this skill on sensitive hosts.
Capability Analysis
Type: OpenClaw Skill
Name: yuyonghao-code-sandbox
Version: 0.1.0
The skill implements a 'Code Sandbox' that lacks meaningful isolation, executing code directly on the host via child_process.exec in src/sandbox.js. A critical security flaw exists where the NodeExecutor explicitly passes the parent process's environment variables (process.env) to the executed code, exposing sensitive API keys and secrets to the 'sandbox' environment. While SKILL.md includes safety warnings and a roadmap for Docker integration, the current implementation provides a false sense of security and functions as a high-risk Remote Code Execution (RCE) wrapper.
Capability Assessment
Purpose & Capability
The skill advertises a 'secure sandbox' for multi-language execution, but the code shows process-level execution via shell commands (child_process.exec) rather than hardened isolation. The SKILL.md and TESTING.md emphasize security features, yet the implementation explicitly lists many missing protections (no Docker, no network isolation, no enforced memory limits). The claimed purpose (secure sandbox) is not matched by the current capabilities.
Instruction Scope
SKILL.md instructs installing and running the package locally (npm install, npm run demo). The runtime instructions and code write user-provided code to temporary directories and execute it with shell commands. There are no steps to strip or sanitize environment variables nor to restrict network/filesystem access. The documentation even warns 'NOT suitable for running untrusted code', which contradicts the top-level claim of a 'secure sandbox'.
Install Mechanism
There is no remote download/install spec in the registry metadata; installation is standard npm (package.json). package.json has no declared dependencies, so install risk is low. The skill is not pulling arbitrary archives or remote binaries.
Credentials
The skill declares no required environment variables, but the implementation passes the entire process.env into Node child processes (env: { ...process.env, NODE_ENV: 'sandbox' }) and other languages inherit the parent's env by default. This means any secrets in the agent/host environment (API keys, cloud creds, tokens) would be available to executed code — disproportionate to a safe sandbox and a serious confidentiality risk.
Persistence & Privilege
The skill does not request persistent privileges (always: false), does not declare required config paths or credentials, and does not modify other skills. It keeps execution history in-memory only. No excessive persistence or elevated platform privileges are requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yuyonghao-code-sandbox
  3. After installation, invoke the skill by name or use /yuyonghao-code-sandbox
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: Secure, multi-language code execution sandbox for OpenClaw agents.
- Supports Node.js, Python, Go, and Rust code execution
- Basic process isolation and temporary directory usage for safety
- Customizable timeouts, memory limits, and per-execution configuration
- Tracks execution history with metrics
- Automatic cleanup of temporary files after code runs
- Early-stage: network isolation and Docker support not yet implemented
Metadata
Slug: yuyonghao-code-sandbox
Version: 0.1.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Code Sandbox?

Secure sandbox for executing Node.js, Python, Go, and Rust code with timeout, CPU, and isolated temporary directory constraints. It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.

How do I install Code Sandbox?

Run "/install yuyonghao-code-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Code Sandbox free?

Yes, Code Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Code Sandbox support?

Code Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Code Sandbox?

It is built and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.0.
