← 返回 Skills 市场
732
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install astra-docker
功能描述
Interact with Astra's Docker container workspace by executing commands and reading or writing files at /workspace inside the astra-env container.
使用说明 (SKILL.md)
cat \x3C\x3C'EOF' > ~/.openclaw/workspace/skills/astra-docker/SKILL.md
name: astra-docker description: "Execute commands, read files, and write files in Astra's Docker container workspace (astra-env). Use this skill whenever you need to interact with your virtual environment at /workspace."
Docker Workspace Access
You have a persistent Docker container called astra-env with a workspace mounted at /workspace.
How to Use
Use the bash tool to run commands inside the container:
Execute a command
sudo docker exec -w /workspace astra-env bash -c "YOUR_COMMAND_HERE"
安全使用建议
This skill runs arbitrary shell commands inside a container using 'sudo docker exec' and can read/write files in /workspace. Before installing: (1) confirm you trust the environment and the container name 'astra-env' exists; (2) understand that it requires access to the docker daemon (sudo) even though the metadata doesn't declare that—this is effectively elevated local privilege; (3) review index.js yourself for unsafe quoting/escape edge cases and consider restricting allowed commands or paths; (4) do not install on machines with sensitive mounts or exposed host docker socket unless you fully trust the skill and its maintainer. If you need only a narrow set of operations, prefer a version that limits commands or declares required binaries/permissions explicitly.
功能分析
Type: OpenClaw Skill
Name: astra-docker
Version: 1.0.0
The skill is classified as suspicious due to multiple shell injection vulnerabilities in `index.js`. Both the `docker_exec` and `docker_write_file` tools construct shell commands using user-provided input (`command`, `workdir`, `filepath`) without adequate sanitization, allowing an attacker or a misbehaving agent to execute arbitrary commands inside the `astra-env` Docker container. While the skill's stated purpose is to interact with a Docker container, these vulnerabilities represent a significant security risk, even though there is no clear evidence of intentional malicious behavior (e.g., data exfiltration or backdoor installation).
能力评估
Purpose & Capability
The skill's stated purpose is to interact with an Astra Docker workspace at /workspace (reasonable). However the skill implicitly requires access to the docker daemon (it runs 'sudo docker exec ...') and the presence of a container named 'astra-env'—none of which are declared in the registry metadata (no required binaries or config). That mismatch between claimed requirements and actual capabilities is incoherent.
Instruction Scope
SKILL.md and index.js both instruct the agent to execute arbitrary shell commands inside the container and to write arbitrary files into the workspace. While that fits the stated goal of workspace interaction, it also gives the skill the ability to read and transmit any data accessible inside the container (and, depending on mounts, on the host). The instructions give broad discretion (run any command) without constraints, increasing risk of exfiltration or unintended host effects.
Install Mechanism
There is no install spec (instruction-only with a code file present). No external downloads or install steps are specified, which is lower risk from an installation perspective. The included index.js is a small module that invokes child_process.exec; its presence is expected for this functionality.
Credentials
The skill declares no required environment variables or credentials, but it depends on sudo and docker socket access to run commands as root in a container. Requesting no declared binaries/credentials while requiring elevated local privileges is disproportionate and under-specified. No safeguards or explicit consent prompts are described.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide configuration changes. The skill can be invoked autonomously (default), which increases blast radius if abused, but that alone is not a disqualifier—there are no additional privileged persistence claims.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install astra-docker - 安装完成后,直接呼叫该 Skill 的名称或使用
/astra-docker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of astra-docker skill.
- Enables executing commands, reading, and writing files inside Astra's Docker container workspace at /workspace.
- Provides usage instructions for accessing the virtual environment using the bash tool.
元数据
常见问题
Astra Docker 是什么?
Interact with Astra's Docker container workspace by executing commands and reading or writing files at /workspace inside the astra-env container. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 732 次。
如何安装 Astra Docker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install astra-docker」即可一键安装,无需额外配置。
Astra Docker 是免费的吗?
是的,Astra Docker 完全免费(开源免费),可自由下载、安装和使用。
Astra Docker 支持哪些平台?
Astra Docker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Astra Docker?
由 walniek(@walniek)开发并维护,当前版本 v1.0.0。
推荐 Skills