
Skill Auditor in Sandbox

by freecodewu · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
Downloads: 85 · Stars: 0 · Active Installs: 0 · Versions: 4
Install in OpenClaw
/install skill-auditor-in-sandbox
Description
Launch a NovitaClaw (OpenClaw) sandbox, install a specified skill, and generate an installation & security audit report. Use when: (1) You want to test a com...
Usage Guidance
This skill mostly does what it claims, but proceed cautiously. Before installing or running:
  1. Verify the upstream repository (https://github.com/freecodewu/skill-auditor-in-sandbox) and the novitaclaw install script contents.
  2. Confirm NOVITA_API_KEY usage and limit its scope if possible.
  3. Review the two scripts locally: the audit script intentionally obfuscates patterns to avoid static scanners and will capture and include full text of many files (which can leak secrets).
  4. Run the tool only against untrusted skills inside an isolated Novita sandbox (do not use a production account or high-privilege API key).
  5. Consider modifying the audit script to avoid exporting sensitive files and to log findings without dumping entire file contents.
  6. Because the metadata does not declare required env vars, expect to supply SANDBOX_ID and NOVITA_API_KEY manually and verify these prompts before use.
Capability Analysis
Type: OpenClaw Skill
Name: skill-auditor-in-sandbox
Version: 1.0.3

The skill-auditor-in-sandbox bundle is a security tool designed to test and audit other OpenClaw skills within an isolated NovitaClaw sandbox. It includes scripts (install-skill.mjs and audit-skill.mjs) that automate the process of launching a sandbox, installing a target skill from GitHub or ClawHub, and scanning for suspicious patterns like shell execution, network calls, and sensitive file access. The code implements input validation for skill names to prevent command injection and uses sandboxing to protect the host environment. While it uses string concatenation for its search patterns (e.g., 'sub' + 'process') to avoid self-detection by static scanners, this is a standard practice for security auditing tools and does not indicate malicious intent.
Capability Assessment
Purpose & Capability
The SKILL.md and included scripts clearly require a Novita API key, a SANDBOX_ID, the novitaclaw CLI, and the novita-sandbox package — but the registry metadata lists no required env vars or binaries. Requesting a Novita API key is coherent with launching NovitaClaw sandboxes, but the metadata omission is an inconsistency that could mislead users about what access the skill needs.
Instruction Scope
The runtime instructions and scripts perform broad inspections: they grep for risky tokens, enumerate URLs, list external path references, and read and output full text contents of many file types from the installed skill. Emitting full fileContents in the report could reveal secrets embedded in the audited repo. The audit script also builds grep patterns by concatenating string fragments and documents that it does so to 'avoid triggering static scanners' — that deliberate obfuscation is unexpected for a security tool and is a red flag.
Install Mechanism
There is no registry install spec (instruction-only), but package.json declares a dependency on 'novita-sandbox' and SKILL.md suggests installing the novitaclaw CLI via curl | bash. The user-run curl|bash instruction pulls a script from a remote host (novitaclaw.novita.ai); downloading/executing a remote install script has higher risk and should be verified. The included scripts run git clones of arbitrary repos into the sandbox (expected for a tester), but that behavior amplifies the need for isolation and scrutiny.
Credentials
The scripts require SANDBOX_ID, NOVITA_API_KEY and SKILL_NAME (and SKILL.md asks users to set NOVITA_API_KEY), which are proportionate to launching and managing a Novita sandbox — however these env vars are not declared in the registry metadata. The audit script also reads and outputs package/requirements files and arbitrary text files from the installed skill, which can expose sensitive data if present in the scanned repo. The skill requests more sensitive inputs than the metadata indicates.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide agent settings. It executes its actions inside a Novita sandbox via the novita-sandbox API rather than on the host (as intended). Note: the skill can be invoked autonomously by the agent (default), which combined with other concerns increases blast radius — but autonomous invocation alone is not a reason to block.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-auditor-in-sandbox
  3. After installation, invoke the skill by name or use /skill-auditor-in-sandbox
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Version 1.0.3 of skill-auditor-in-sandbox
- No file changes detected.
- Documentation and functionality remain unchanged from the previous version.
v1.0.2
No code or documentation changes detected in this release.
- Version bump to 1.0.2
- No functional or documentation updates included
- Existing features and instructions remain unchanged
v1.0.1
- Updated documentation links from novitaclaw.novita.ai to novita.ai/docs/guides/novitaclaw.
- Security audit documentation improved: clarified suspicious code examples and external path references.
- Report workflow change: after generating a report, the sandbox is now automatically paused to save costs, and the user is informed how to resume or stop it.
- Minor clarifications to risk assessment criteria and report structure.
- No file/code changes other than SKILL.md documentation updates.
v1.0.0
Initial release. Launch NovitaClaw sandbox, install skill from ClawHub/GitHub, run security audit (suspicious patterns, URLs, external paths, dependencies), and generate risk assessment report (LOW/MEDIUM/HIGH/CRITICAL).
Metadata
Slug skill-auditor-in-sandbox
Version 1.0.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Skill Auditor in Sandbox?

Launch a NovitaClaw (OpenClaw) sandbox, install a specified skill, and generate an installation & security audit report. Use when: (1) You want to test a com... It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.

How do I install Skill Auditor in Sandbox?

Run "/install skill-auditor-in-sandbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Auditor in Sandbox free?

Yes, Skill Auditor in Sandbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Auditor in Sandbox support?

Skill Auditor in Sandbox is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Auditor in Sandbox?

It is built and maintained by freecodewu (@freecodewu); the current version is v1.0.3.
