kofna3369

Morgana Mordred Security Sandbox

by Kofna3369 · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
108 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install morgana-mordred-security-sandbox
Description
Educational security training sandbox for AI agents. Contains 5 intentionally vulnerable systems with annotated vulnerability descriptions and tested patches...
Usage Guidance
This skill appears to implement an offline security lab, but several implementation choices require caution:
  - Do NOT run these scripts on a production host or in a privileged environment. The test runner and the vulnerable systems execute shell commands, call eval(), and read and write arbitrary files. Run them only inside an isolated VM or Docker container with no access to sensitive mounts.
  - Inspect and change SANDBOX_PATH in src/mordred_runner.py before running. It is hardcoded to /media/ezekiel/Morgana/sandbox/mordred and will create logs/results there; point it at a path you control, or make it relative or configurable.
  - Review the embedded test secrets (data_leak and flawed_auth define 'SECRETS' and SESSION_TOKEN constants) and remove them if you prefer. They are test data, but a reader or a scanner could mistake them for real credentials.
  - The 'vaccines' include code that manipulates builtins.__dict__ (vaccine_weak_sandbox). That code changes the running Python process; the tests attempt to restore the original state, but verify that they do, and run them in isolation.
  - If your goal is to evaluate agent behaviour, run the sandbox inside a disposable container image with no network mounts and limited privileges. Verify that no network calls are made and inspect every subprocess invocation.
  - If you cannot run it in an isolated environment, do not install or execute this skill. If you proceed anyway, audit every file (especially modules that call subprocess, open files, or use eval/exec) and patch mordred_runner to use relative paths and to require an explicit --outdir or --sandbox-dir parameter.
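The hardcoded SANDBOX_PATH and the shell-based subprocess calls flagged above (and restated under Purpose & Capability and Credentials) are the two things a reviewer would patch before running this bundle. The block below is an added example of what such a patch could look like; it is not code from the skill, and the --sandbox-dir flag, the MORDRED_SANDBOX_DIR variable and the function names are assumptions.

```python
"""Configurable sandbox directory and non-shell subprocess execution for a test runner.

Added example, not the skill's own mordred_runner.py. The flag name --sandbox-dir,
the MORDRED_SANDBOX_DIR variable and the function names are assumptions.
"""
import argparse
import os
import subprocess
import sys
from pathlib import Path

# The upstream path the listing reports as hardcoded; kept only so it can be refused.
HARDCODED_SANDBOX_PATH = "/media/ezekiel/Morgana/sandbox/mordred"


def resolve_sandbox_dir(cli_value=None, env=None, base=None):
    """Choose the directory that will receive logs/ and results/.

    Order: --sandbox-dir, then $MORDRED_SANDBOX_DIR. There is no silent default:
    the caller must name a directory, it may not be the hardcoded upstream path,
    and it must resolve inside `base` (default: the current working directory),
    so a test run cannot write into an unrelated part of the host.
    """
    env = os.environ if env is None else env
    base = (Path.cwd() if base is None else Path(base)).resolve()
    raw = cli_value or env.get("MORDRED_SANDBOX_DIR")
    if not raw:
        raise SystemExit("refusing to run: pass --sandbox-dir or set MORDRED_SANDBOX_DIR")
    chosen = (base / raw).resolve()  # relative values are taken relative to base
    if chosen == Path(HARDCODED_SANDBOX_PATH):
        raise SystemExit("refusing the hardcoded upstream path; choose a directory you control")
    if chosen != base and base not in chosen.parents:
        raise SystemExit(f"{chosen} is outside {base}; refusing to write there")
    for sub in ("logs", "results"):
        (chosen / sub).mkdir(parents=True, exist_ok=True)
    return chosen


def run_system(script, sandbox_dir, timeout=30):
    """Run one vulnerable-system script as a child process and log its output.

    An argument list rather than shell=True, a minimal environment, cwd pinned
    to the sandbox, python -I (ignore user site and PYTHON* variables) and a
    timeout. Returns (returncode, stdout, stderr).
    """
    script = Path(script).resolve()
    sandbox_dir = Path(sandbox_dir)
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
           "MORDRED_SANDBOX_DIR": str(sandbox_dir)}
    proc = subprocess.run([sys.executable, "-I", str(script)], cwd=sandbox_dir, env=env,
                          capture_output=True, text=True, timeout=timeout)
    (sandbox_dir / "logs" / f"{script.stem}.log").write_text(proc.stdout + proc.stderr)
    return proc.returncode, proc.stdout, proc.stderr


def main(argv=None, base=None):
    """CLI entry point; `base` is exposed so callers can pin the allowed root."""
    parser = argparse.ArgumentParser(description="run Mordred systems inside a directory you choose")
    parser.add_argument("--sandbox-dir", help="directory for logs/ and results/ "
                        "(required unless MORDRED_SANDBOX_DIR is set)")
    parser.add_argument("scripts", nargs="+", type=Path, help="system scripts to execute")
    args = parser.parse_args(argv)
    sandbox = resolve_sandbox_dir(args.sandbox_dir, base=base)
    results = {s.name: run_system(s, sandbox)[0] for s in args.scripts}
    (sandbox / "results" / "summary.txt").write_text(
        "\n".join(f"{name}: exit {code}" for name, code in results.items()) + "\n")
    return results


if __name__ == "__main__":
    main()
```

The runner refuses to start without an explicit directory, rejects the upstream absolute path and anything that resolves outside the base directory, and launches each system with an argument list, a minimal environment and python -I, so a system script cannot inherit the agent's environment variables or user site-packages. Network isolation still has to come from the container; nothing in-process can verify it.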
Capability Analysis
Type: OpenClaw Skill · Name: morgana-mordred-security-sandbox · Version: 2.0.0
The bundle is a security training sandbox ("Mordred") containing intentionally vulnerable Python scripts (SQL injection, RCE, race conditions, and data leaks) along with corresponding patches called "vaccines." While the stated purpose is educational and defensive, the bundle includes functional high-risk vulnerabilities, such as arbitrary code execution via eval() in 'src/systems/weak_sandbox.py' and shell command execution in 'src/mordred_runner.py'. Per the provided guidelines, the presence of these intentional vulnerabilities and risky capabilities, despite the lack of clear malicious intent or data exfiltration, requires a suspicious classification.
Capability Tags
crypto · requires-wallet
Capability Assessment
Purpose & Capability
The name and description claim an offline training sandbox, and the included files implement that. However, mordred_runner hardcodes SANDBOX_PATH to /media/ezekiel/... and writes logs and results to that absolute path instead of the skill directory or a configurable location. That path is unrelated to the skill metadata and suggests the code expects access to one specific user's filesystem, which is disproportionate for a distributed skill. The remaining required capabilities (running tests, executing local Python files) are consistent with a sandbox, but the hardcoded path and the embedded 'SECRETS' constants (data_leak contains fake API keys, a private_key and PII) are questionable for distribution.
Instruction Scope
SKILL.md instructs agents to run the provided Python test runner and vaccine scripts. The code invoked executes arbitrary code: weak_sandbox exposes eval() and subprocess.run(shell=True), prompt_injection demonstrates injection strings, data_leak returns secrets defined in-code, and run_all executes each system via subprocess.run. Those behaviors are expected for a vulnerability lab, but the instructions give the agent permission to run those dangerous operations on whatever host it is invoked from: SKILL.md never insists that it be run only in an isolated container or VM (the failures section mentions Docker as a solution, not as a hard requirement). SKILL.md also contains many prompt-injection example strings (e.g., 'ignore previous instructions', 'you are now'); these are examples rather than runtime instructions to the evaluator, but they may trigger scanners and could be misused.
Install Mechanism
No install spec (instruction-only), which lowers installation risk in general. However, the skill includes 11 code files that the agent may execute directly. The manifest declares no downloads or external package installs, which is good, but executing the included code still runs it with the agent's host privileges (file I/O, process execution).
Credentials
The skill declares no required env vars or credentials, which matches the manifest. Despite that, the runner writes to an absolute SANDBOX_PATH (/media/ezekiel/Morgana/...), creating and using directories outside the skill folder; this is disproportionate and unexpected. The code also contains hardcoded 'SECRETS' and 'SESSION_TOKEN' constants in data_leak and flawed_auth; they are test data but could confuse users or be mistaken for real secrets. Several modules (weak_sandbox, race_condition) provide functions that read and write arbitrary files and run shell commands; these require host-level filesystem and process access beyond what a read-only demo needs.
Persistence & Privilege
The skill is not always:true and does not declare persistent privileges. It does, however, write to host filesystem locations (logs/results) when run. Some vaccine code (vaccine_weak_sandbox) temporarily replaces entries in builtins.__dict__ and later restores them; that manipulation affects the running process and will have side effects if the restore does not happen. No code modifies other skills or agent configuration, but the absolute-path writes and the builtins replacement are privileged actions relative to a benign instruction-only skill.
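The builtins.__dict__ manipulation noted in Usage Guidance and again here is worth seeing concretely, because the risk is that a crash inside a system under test leaves the interpreter without eval or open for the rest of the run. The block below is an added example and not the skill's vaccine_weak_sandbox; the name list and the function names are assumptions. It contrasts a restore-in-finally context manager with the naive pop/run/restore pattern, and shows that deleting names from the builtins table does not turn eval() into a security boundary: attribute access on a plain object still reaches every loaded class.

```python
"""Patching builtins.__dict__ in-process, as a 'vaccine' might, done two ways.

Added example, not the skill's vaccine_weak_sandbox. The name list and the
function names are assumptions. It shows (1) a restore that survives exceptions,
(2) the naive pattern that leaves the interpreter crippled after one, and
(3) that a stripped builtins table is not a security boundary for eval().
"""
import builtins
import contextlib

# Names a 'restricted eval' typically removes from the builtins table.
DANGEROUS = ("eval", "exec", "open", "__import__", "compile", "input")
# Originals captured at import time so a failed naive run can be repaired.
_ORIGINALS = {n: builtins.__dict__[n] for n in DANGEROUS}


def builtins_intact(names=DANGEROUS):
    """True when every name in `names` is present in the live builtins table."""
    return all(n in builtins.__dict__ for n in names)


@contextlib.contextmanager
def restricted_builtins(names=DANGEROUS):
    """Delete `names` from builtins.__dict__ for the duration of the block.

    Restoration is in a finally clause, so an exception raised by the system
    under test cannot leave the process without eval/open/__import__.
    """
    saved = {n: builtins.__dict__.pop(n) for n in names if n in builtins.__dict__}
    try:
        yield saved
    finally:
        builtins.__dict__.update(saved)


def naive_vaccine(fn, names=DANGEROUS):
    """The fragile version: pop, run, restore, with no finally.

    If fn raises, the names stay deleted for the rest of the process.
    """
    saved = {n: builtins.__dict__.pop(n) for n in names if n in builtins.__dict__}
    result = fn()
    builtins.__dict__.update(saved)
    return result


def naive_leaks_on_exception():
    """Demonstrate the leak, then repair the table so the process stays usable."""
    def crash():
        raise RuntimeError("system under test crashed")
    try:
        naive_vaccine(crash)
    except RuntimeError:
        pass
    leaked = not builtins_intact()          # True: eval/open/... are gone
    builtins.__dict__.update(_ORIGINALS)    # repair; nothing else would
    return leaked


def restores_after_exception():
    """The context manager restores even when the body raises."""
    try:
        with restricted_builtins():
            raise RuntimeError("system under test crashed")
    except RuntimeError:
        pass
    return builtins_intact()


def probe(expr):
    """Evaluate `expr` under the stripped table.

    Returns ('ok', value) or ('error', ExceptionName). eval itself is captured
    before it disappears from builtins. Deleted names raise NameError, but
    '().__class__.__base__.__subclasses__()' still succeeds, which is why a
    stripped builtins table is a teaching aid and not a sandbox.
    """
    real_eval = eval
    with restricted_builtins():
        try:
            return "ok", real_eval(expr, {"__builtins__": builtins.__dict__})
        except Exception as exc:
            return "error", type(exc).__name__
```

When auditing the real vaccine, look for the finally clause (or an equivalent try/except that re-raises after restoring) and for any code that can import a module while the names are gone: with __import__ removed, even a lazy import inside the test harness fails.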
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install morgana-mordred-security-sandbox
  3. After installation, invoke the skill by name or use /morgana-mordred-security-sandbox
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
**Major update: Adds prompt injection vulnerabilities and vaccines, revises system architecture, and expands documentation.**
  - Introduced a new `prompt_injection` system and corresponding `vaccine_prompt_injection.py`, increasing the vulnerable systems count to five.
  - Removed deprecated text input test files.
  - Refactored and updated core files and all system/vaccine modules for broader coverage and improved documentation.
  - Overhauled and expanded the documentation with clearer overviews, updated instructions, detailed vulnerability and patch explanations, and ethical use guidance.
  - Updated skill manifest (SKILL.md) with structured metadata, inputs, outputs, verification steps, and improved agent integration instructions.
v1.0.0
Educational security sandbox for AI agents. 5 intentionally vulnerable systems with annotated descriptions and tested patches.
Metadata
Slug morgana-mordred-security-sandbox
Version 2.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Morgana Mordred Security Sandbox?

Educational security training sandbox for AI agents. Contains 5 intentionally vulnerable systems with annotated vulnerability descriptions and tested patches... It is an AI Agent Skill for Claude Code / OpenClaw, with 108 downloads so far.

How do I install Morgana Mordred Security Sandbox?

Run "/install morgana-mordred-security-sandbox" in the OpenClaw or Claude Code chat to install it in one step. Per the Usage Guidance above, run the installed scripts only inside an isolated VM or container.

Is Morgana Mordred Security Sandbox free?

Yes, Morgana Mordred Security Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Morgana Mordred Security Sandbox support?

Morgana Mordred Security Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Morgana Mordred Security Sandbox?

It is built and maintained by Kofna3369 (@kofna3369); the current version is v2.0.0.
