Novita Sandbox
by piston4711 · v0.1.8 · MIT-0
Downloads: 329 · Stars: 0 · Active Installs: 0 · Versions: 8
Install in OpenClaw
/install novita-sandbox
Description
Run browser operations and untrusted code in a secure Novita cloud sandbox (Firecracker VM). Use when: (1) browsing any external URL or website, (2) executin...
Usage Guidance
This skill appears to implement a legitimate remote sandboxing tool, but pay attention before installing:
- The SKILL.md and scripts require NOVITA_API_KEY (and optionally NOVITA_DOMAIN), but the registry metadata does not declare these — don't assume no credentials are needed. Only supply an API key you trust and that is limited in scope.
- The runtime depends on the pip package 'novita-sandbox>=1.0.5' (SKILL.md instructs pip install). Verify the package source (PyPI project, maintainer, and release files) before installing to avoid supply-chain risk.
- The CLI can read/write local files via upload/download; if you invoke those commands the skill will access your filesystem. Be deliberate when uploading sensitive files.
- The CLI uses a private SDK call (Sandbox._create) with secure=False to force auto_pause behavior — this is a non-public API choice. Ask the maintainer why a private API and insecure flag are required.
- The SKILL.md warns that browser CDP mode is disabled due to a gateway bug; follow that guidance (never call config.patch) to avoid crashing the gateway.
If you plan to use this skill: confirm the origin and integrity of the 'novita-sandbox' Python package, ensure the API key you supply has minimal privileges and billing implications are acceptable, and prefer reviewing network traffic or service docs for the Novita endpoint before trusting sensitive data to the sandbox.
Capability Analysis
Type: OpenClaw Skill
Name: novita-sandbox
Version: 0.1.8
The novita-sandbox skill is a legitimate tool designed to provide a secure execution environment for untrusted code and web browsing using Novita AI's Firecracker-based cloud sandboxes. The implementation in `scripts/sandbox.py` is a standard CLI wrapper for the `novita-sandbox` SDK, facilitating sandbox lifecycle management, command execution, and file transfers. The `SKILL.md` documentation includes proactive security instructions, such as warning the agent against uploading sensitive local credentials and advising against using specific platform functions (`config.patch`) that might cause instability, demonstrating a focus on safety and isolation.
Capability Assessment
Purpose & Capability
Name/description match the included code: the CLI and SKILL.md implement creating/executing in Novita cloud sandboxes. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md and CLI require NOVITA_API_KEY (and optionally NOVITA_DOMAIN). The required binary (python3) is appropriate, but the missing declaration of NOVITA_API_KEY in the registry is an inconsistency that should be fixed.
Instruction Scope
SKILL.md and scripts restrict the intended use to remote/untrusted work, which matches the code. But the tool exposes upload/download that read/write local files (open local_path in upload/download), which means the skill can access arbitrary local files when invoked — this is expected for an upload/download feature, but it contradicts the SKILL.md 'DO NOT use this skill when: Reading/writing the user's local files' phrasing (ambiguous). The CLI enforces NOVITA_API_KEY presence and truncates outputs; it also instructs not to call config.patch. The instructions request installing a pip package (novita-sandbox>=1.0.5) and ask users not to modify the bundled script, so runtime behavior depends on that external package.
Install Mechanism
Registry lists brew/apt entries to install python3 (reasonable). The SKILL.md additionally instructs pip install of 'novita-sandbox>=1.0.5' (and scripts/requirements.txt references the same). That pip install is the real code dependency (moderate supply-chain risk). No arbitrary download URLs are used, but the pip package origin should be verified.
Credentials
Runtime requires NOVITA_API_KEY (mandatory) and NOVITA_DOMAIN (optional), which are proportional to a cloud sandbox service. The problem: the registry metadata did not declare these env vars/credential requirements, a mismatch between declared requirements and actual runtime needs. The key is required and will be read from the environment by the CLI; ensure the key is scoped and trusted.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as a user-invocable skill (and can be invoked autonomously by default), which is normal. No unexpected persistent privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install novita-sandbox
- After installation, invoke the skill by name or use /novita-sandbox
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.8
Completely disable CDP mode. OpenClaw bug confirmed: config.patch unconditionally sends SIGUSR1 even with gateway.reload=hot (SIGUSR1 bypasses reload mode via separate restart-C7ane9OU.js code path). Removed all CDP sections. All browsing now via Exec mode only (curl/puppeteer/playwright). Added interactive page example with puppeteer script pattern. Rule 10: NEVER call config.patch for any reason.
v0.1.7
Add two-step browser mode decision: Step 1 judges by task type (prefer Exec/curl for text-only tasks, CDP only for interactive/visual tasks), Step 2 checks gateway.reload safety. Reduces unnecessary CDP usage and token costs.
v0.1.6
Explicitly forbid agent from using config.patch to modify gateway.reload or any gateway.* settings. Agent was self-modifying gateway.reload via config.patch which triggered SIGUSR1 crash. Added Rule 10 and multiple warnings: only user can manually edit openclaw.json for gateway settings.
v0.1.5
Setup Step 4: change from optional recommendation to REQUIRED user decision during install. Agent must present CDP vs Exec mode choice and wait for user response before proceeding. CDP remains blocked unless user explicitly configures gateway.reload=hot.
v0.1.4
Harden browser mode selection: CDP mode is now FORBIDDEN unless gateway.reload is "hot". Added Setup Step 4 requiring user to configure gateway.reload before CDP is available. Exec mode is the safe default. Prevents gateway crash from unconditional SIGUSR1 on config.patch.
v0.1.3
Redesign browser workflow: three-tier mode selection (CDP/ask user/exec fallback) based on gateway.reload setting. Fix SDK compatibility: use _create() for auto_pause=True support on PyPI novita_sandbox>=1.0.5. Add exec mode examples (curl, puppeteer, write-script pattern).
v0.1.1
Pin SDK version (novita-sandbox>=1.0.5), prevent agent from modifying sandbox.py
v0.1.0
Initial release: browser-chromium + code-interpreter-v1 templates, auto-pause lifecycle, cost-aware agent rules, CDP browser integration
Frequently Asked Questions
What is Novita Sandbox?
Run browser operations and untrusted code in a secure Novita cloud sandbox (Firecracker VM). Use when: (1) browsing any external URL or website, (2) executin... It is an AI Agent Skill for Claude Code / OpenClaw, with 329 downloads so far.
How do I install Novita Sandbox?
Run "/install novita-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Novita Sandbox free?
Yes, Novita Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Novita Sandbox support?
Novita Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Novita Sandbox?
It is built and maintained by piston4711 (@piston4711); the current version is v0.1.8.