AOI Sandbox Shield (Lite)

Author: edmonddantesj · GitHub · v0.1.2
cross-platform ⚠ suspicious
Total downloads: 870
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install aoi-sandbox-shield-lite
Description
Creates snapshots of critical config files, validates JSON configs for syntax and keys, and generates audit logs without applying changes.
Usage (SKILL.md)

AOI Sandbox Shield (Lite)

S-DNA: AOI-2026-0215-SDNA-SS02

What this is

A public-safe subset of “sandbox shield” focused on:

  • creating snapshots of critical workspace/config files
  • validating JSON config files (syntax + required keys)
  • producing an audit log artifact you can attach to release notes

What this is NOT (by design)

  • Does not apply configs
  • Does not restart gateways
  • Does not modify cron
  • Does not send messages externally

Commands

Create snapshot

node skill.js snapshot --reason="before publishing" 

Validate config JSON (syntax + required keys)

node skill.js validate-config --path="$HOME/.openclaw/openclaw.json"

Output

All commands print JSON to stdout for easy logging.

Release governance (public)

We publish AOI skills for free and keep improving them. Every release must pass our Security Gate and include an auditable changelog. We do not ship updates that weaken security or licensing clarity. Repeated violations trigger progressive restrictions (warnings → publish pause → archive).

Support

Links

License

MIT (AOI original).

Safe usage advice
This skill appears to do what it claims: create local snapshots of files in your OpenClaw workspace and validate a JSON config, and it does not contact external endpoints or ask for credentials. Before installing, verify you are comfortable with files being copied into ~/.openclaw/workspace/.sandbox_snapshots_lite (check ownership and permissions), ensure you have a Node runtime available (SKILL.md shows running with 'node'), and review snapshot contents before sharing them (they include file contents' hashes and copies of files such as AGENTS.md, SOUL.md, etc., which could contain sensitive data). Also note the registry metadata omits 'node' under required binaries and the skill's source/homepage in the manifest is minimal — if provenance is important, verify the GitHub/ClawHub links in SKILL.md and confirm you trust that publisher.
Functional analysis
Type: OpenClaw Skill
Name: aoi-sandbox-shield-lite
Version: 0.1.2
The `skill.js` file contains a `validateConfig` function that reads the content of an arbitrary file path provided via the `--path` argument using `fs.readFileSync`. While the stated purpose is to validate JSON, this capability allows reading any file the process has permissions for. The file content (or parsing error) is then printed to `stdout`. This creates an information disclosure vulnerability, as an attacker could potentially use prompt injection against the OpenClaw agent to read sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and capture the output, even though the skill itself does not perform external data exfiltration. This is a risky capability without clear malicious intent within the code itself.
Capability assessment
Purpose & Capability
Name/description promise snapshot + JSON validation and the code implements that: it reads specific files under the user's ~/.openclaw workspace, computes SHA-256 hashes, copies present files into a snapshot directory, and validates a provided JSON config for required keys. There are no extraneous service credentials, network calls, or unrelated binaries required by the implementation.
Instruction Scope
SKILL.md instructs running node skill.js for snapshot and validate-config; the code implements only local reads and writes under the user's home workspace and prints JSON to stdout. Minor note: SKILL.md doesn't explicitly state where snapshots are stored (the code creates ~/.openclaw/workspace/.sandbox_snapshots_lite), so users should expect on-disk snapshots in that location.
Install Mechanism
No install spec; instruction-only usage plus a single JS file. No external downloads or package installs are performed. The skill requires a Node runtime to run (SKILL.md examples use node), but the registry metadata did not list 'node' under required binaries — this is a small metadata mismatch but not malicious.
Credentials
The skill declares no required environment variables or credentials and indeed accesses only filesystem paths under the user's home. It does not request or read unrelated environment variables or secrets.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent configuration. It writes snapshot files into a subdirectory of the user's workspace (~/.openclaw/workspace/.sandbox_snapshots_lite), which is within its stated scope.
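How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install aoi-sandbox-shield-lite
  3. Once installed, call the Skill by name or trigger it with /aoi-sandbox-shield-lite
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history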
v0.1.2
Docs: add GitHub Issues support link (aoi-skills).
v0.1.1
Docs: add release governance snippet + ClawHub link. Add MIT LICENSE file.
v0.1.0
Initial public-safe release: snapshot+validate only (no apply/restart/cron/messaging). MIT.
Metadata
Slug aoi-sandbox-shield-lite
Version 0.1.2
License
Total installs 0
Current installs 0
Version count 3
FAQ

What is AOI Sandbox Shield (Lite)?

Creates snapshots of critical config files, validates JSON configs for syntax and keys, and generates audit logs without applying changes. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 870 total downloads to date.

How do I install AOI Sandbox Shield (Lite)?

Run the command "/install aoi-sandbox-shield-lite" in the OpenClaw or Claude Code dialog box for a one-step install; no additional configuration is needed.

Is AOI Sandbox Shield (Lite) free?

Yes, AOI Sandbox Shield (Lite) is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does AOI Sandbox Shield (Lite) support?

AOI Sandbox Shield (Lite) is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed AOI Sandbox Shield (Lite)?

Developed and maintained by edmonddantesj (@edmonddantesj); the current version is v0.1.2.
