Boxed fs

by guyoung · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
103 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw: /install boxed-fs
Description
WebAssembly sandboxed file system operations for secure file read/write within explicitly declared directories. Use when needing to read, write, append, copy...
README (SKILL.md)

boxed-fs

WebAssembly sandboxed file system operations. All file operations run inside a WASM sandbox with access control.

Quick Start

// Download wasm first (one-time)
wasm-sandbox-download({
  url: "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-fs/files/boxed-fs-component.wasm",
  dest: "~/.openclaw/skills/boxed-fs/files/boxed-fs-component.wasm"
})

// List files
wasm-sandbox-run({
  wasmFile: "~/.openclaw/skills/boxed-fs/files/boxed-fs-component.wasm",
  workDir: "~/.openclaw/workspace",
  args: ["list-dir", "--path", "."]
})

// Read file
wasm-sandbox-run({
  wasmFile: "~/.openclaw/skills/boxed-fs/files/boxed-fs-component.wasm",
  workDir: "~/.openclaw/workspace",
  args: ["read-file", "--path", "example.txt"]
})

Supported Operations

  • read-file - Read file contents
  • write-file - Write file contents atomically
  • append-file - Append data to a file
  • open-file - Open a file for reading
  • open-writable-file - Open a file for writing
  • copy-file - Copy a file within root
  • remove-path - Remove a file or directory
  • mkdir-path - Create a directory path
  • list-dir - List files and directories under a path

Trigger When

boxed-fs triggers when the user asks to read, write, append, copy, remove, list, or otherwise manipulate files in a sandboxed environment, or when explicitly requested to use boxed-fs.

Usage Reference

See USAGE.md for detailed command usage and examples.

Usage Guidance
This skill appears to do what it says (sandboxed file ops), but it depends on downloading and running a WASM binary from a third-party GitHub raw URL at runtime with no checksum or source included. Before installing:
  1. Verify you trust the maintainer/repo (guyoung) and the specific WASM binary.
  2. Ask the author for a SHA256 checksum or signed release so you can verify integrity.
  3. Prefer skills that bundle the WASM or provide source code or reproducible builds.
  4. Avoid mapping sensitive host paths into mapDirs (do not map home, ssh keys, cloud credential locations, or other secrets).
  5. Run first-time use in an isolated environment if possible.
If the WASM were packaged with the skill or a checksum/signature were supplied, my concern would be reduced (verdict could move toward benign).
Capability Analysis
Type: OpenClaw Skill
Name: boxed-fs
Version: 1.0.0
The skill downloads and executes an external WebAssembly binary (boxed-fs-component.wasm) from a remote GitHub repository (guyoung/wasm-sandbox-openclaw-skills) without integrity verification or checksums. While it claims to provide a sandboxed file system, the 'mapDirs' parameter in USAGE.md allows mapping arbitrary host directories into the sandbox, which could be used to access sensitive data if the agent is misdirected. The reliance on an unverified remote binary for core file system operations represents a significant supply chain risk.
Capability Assessment
Purpose & Capability
Name/description match the instructions: the skill provides WASM-based sandboxed file operations and documents read/write/list/copy/remove operations. It requires an external openclaw-wasm-sandbox plugin (documented in USAGE.md) which is consistent with its purpose. No unrelated env vars, binaries, or paths are requested.
Instruction Scope
SKILL.md and USAGE.md keep operations scoped to a specified workDir and optional explicit mapDirs, which is correct for a sandboxed FS helper. However, the runtime instructions direct the agent to download a WASM binary from a third-party raw GitHub URL and then execute it via wasm-sandbox-run. There are no integrity checks (no checksum/signature) and no packaged source for the WASM, so the agent will fetch and run external code at runtime — this expands the risk surface.
Install Mechanism
There is no formal install spec; instead the skill relies on runtime download (wasm-sandbox-download) of a single WASM file hosted at a raw.githubusercontent.com URL. While GitHub raw URLs are common, downloading an executable blob at runtime without a checksum or embedded source is a moderate risk (the downloaded binary will be written to ~/.openclaw/skills/...).
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, the documented use of mapDirs means users or agents could grant the sandbox access to arbitrary host directories; if sensitive directories are mapped (intentionally or accidentally) the WASM could read or exfiltrate files. The skill itself does not request secrets, but runtime configuration can expose them.
Persistence & Privilege
always is false, the skill is user-invocable and does not request permanent inclusion or modifications to other skills or system-wide settings. It writes its WASM file to its own skill path per the examples, which is normal.
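The checks recommended in the Usage Guidance, as an added example (not code from the skill or its author): a Node.js pre-flight gate that refuses the downloaded component unless its SHA-256 matches a pinned value and no mapped host directory overlaps a credential location. The function names, the deny-list and the treatment of the host side of mapDirs as a list of directory paths are assumptions; the page publishes no checksum, so the pin has to come from the maintainer or from a copy you have reviewed.

```javascript
const crypto = require("crypto");
const fs = require("fs");
const os = require("os");
const path = require("path");

// Assumed deny-list (relative to the home directory); extend for your hosts.
const SENSITIVE = [".ssh", ".aws", ".gnupg", ".kube", ".config/gcloud"];

function sha256File(file) {
  return crypto.createHash("sha256").update(fs.readFileSync(file)).digest("hex");
}

// Expand a leading "~" and normalise; symlinks are not resolved here.
function expand(p, home) {
  const tilde = p === "~" || p.startsWith("~/");
  return path.resolve(tilde ? path.join(home, p.slice(1)) : p);
}

// True when `child` equals `parent` or lies beneath it.
function isInside(child, parent) {
  const rel = path.relative(parent, child);
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Host directories that contain, or sit inside, a sensitive location.
function riskyMapDirs(hostDirs, home = os.homedir()) {
  const secrets = SENSITIVE.map((s) => path.join(home, s));
  return hostDirs.filter((d) => {
    const dir = expand(d, home);
    return secrets.some((s) => isInside(s, dir) || isInside(dir, s));
  });
}

// Gate to call between the download step and the first run of the component.
function preflight({ wasmFile, pinnedSha256, hostDirs = [] }, home = os.homedir()) {
  const reasons = [];
  const file = expand(wasmFile, home);
  if (!/^[0-9a-f]{64}$/i.test(pinnedSha256 || "")) {
    reasons.push("no pinned SHA-256 for the component");
  } else if (!fs.existsSync(file)) {
    reasons.push("component not found: " + file);
  } else if (sha256File(file) !== pinnedSha256.toLowerCase()) {
    reasons.push("component digest does not match the pin");
  }
  for (const d of riskyMapDirs(hostDirs, home)) {
    reasons.push("sensitive host path mapped: " + d);
  }
  return { ok: reasons.length === 0, reasons };
}
```

Because the quick start re-downloads from a mutable branch URL, the gate is only meaningful if it runs after every download, not just the first.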
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install boxed-fs
  3. After installation, invoke the skill by name or use /boxed-fs
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of boxed-fs providing secure, sandboxed file system operations via WASM.
  • Supports file read, write, append, copy, and remove within user-declared directories.
  • All operations run inside a WebAssembly sandbox with access controls.
  • Includes atomic write, directory creation, and file/directory listing.
  • Detailed usage and commands documented in SKILL.md.
Metadata
Slug boxed-fs
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Boxed fs?

WebAssembly sandboxed file system operations for secure file read/write within explicitly declared directories. Use when needing to read, write, append, copy... It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.

How do I install Boxed fs?

Run "/install boxed-fs" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Boxed fs free?

Yes, Boxed fs is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Boxed fs support?

Boxed fs is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Boxed fs?

It is built and maintained by guyoung (@guyoung); the current version is v1.0.0.