guyoung

Boxed HTTP Server

Author: guyoung · GitHub · v1.0.1 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 118 · Favorites: 0 · Current installs: 0 · Versions: 2
Install in OpenClaw
/install boxed-http-server
Description
WebAssembly sandbox static HTTP server with HTTP Basic auth and proxy support. Use when starting a static file server, configuring HTTP authentication, setti...
Usage instructions (SKILL.md)

boxed-http-server

A lightweight static HTTP server based on a WebAssembly sandbox, with support for HTTP Basic authentication and HTTP proxy/reverse proxy.

Trigger When

Use this skill when the user describes any of these trigger scenarios:

  • Starting a static file server
  • Configuring HTTP Basic authentication
  • Setting up HTTP proxy or reverse proxy
  • Running a local development server
  • Deploying a static website
  • Adding authentication to a static site

Prerequisites

  • openclaw-wasm-sandbox plugin: Must be installed and enabled, version >=0.4.0
  • wasm file download: Download required before first use

Download wasm File

wasm-sandbox-download({
  url: "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-http-server/files/boxed_http_server_component.wasm",
  dest: "~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm"
})

Or via command line:

curl -L -o ~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm \
  "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-http-server/files/boxed_http_server_component.wasm"
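
The download above pulls a binary from a branch URL (`main`) and the page publishes no checksum for it. The following is an added example, not part of the skill or its repository, showing a fail-closed install that stages the file and moves it into place only when its SHA-256 matches a digest you pinned after reviewing the component. `PINNED_SHA256` is a placeholder, and `sha256_file`, `install_verified` and `download_and_install` are hypothetical helper names.

```python
import hashlib
import hmac
import os
import shutil
import tempfile
import urllib.request

WASM_URL = ("https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/"
            "main/boxed-http-server/files/boxed_http_server_component.wasm")
DEST = "~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm"
# Placeholder: the page publishes no digest. Pin the SHA-256 of a build you reviewed.
PINNED_SHA256 = "<sha256-of-the-reviewed-wasm>"

def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large components are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def install_verified(staged, dest, expected_sha256):
    """Move `staged` to `dest` only if its SHA-256 matches; otherwise delete it and raise."""
    actual = sha256_file(staged)
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        os.remove(staged)  # never leave an unverified binary where the sandbox could load it
        raise ValueError(f"digest mismatch: got {actual}")
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    os.replace(staged, dest)  # atomic within one filesystem; dest is never half-written
    return actual

def download_and_install(url=WASM_URL, dest=DEST, expected_sha256=PINNED_SHA256):
    """Download next to `dest`, then hand the staged file to install_verified()."""
    dest = os.path.expanduser(dest)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    fd, staged = tempfile.mkstemp(dir=os.path.dirname(dest), suffix=".part")
    with os.fdopen(fd, "wb") as out, urllib.request.urlopen(url, timeout=30) as resp:
        shutil.copyfileobj(resp, out)
    return install_verified(staged, dest, expected_sha256)
```

With the placeholder left in place, `download_and_install()` raises and installs nothing, which is the intended default until a real digest is pinned.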

Start Static File Server

wasm-sandbox-serve({
  wasmFile: "~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm",
  workDir: ["~/.openclaw/skills/boxed-http-server/files"]
})

Or via command line:

openclaw wasm-sandbox serve ~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm \
  -i 192.168.1.100 -p 8080 --work-dir /path/to/website

HTTP Basic Authentication

Protect your website with username/password authentication:

wasm-sandbox-serve({
  wasmFile: "~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm",
  workDir: ["~/.openclaw/skills/boxed-http-server/files"],
  args: ["--config-var", "username=admin", "--config-var", "password=admin"]
})

HTTP Proxy / Reverse Proxy

Proxy external APIs through the server. Requires allowedOutboundHosts for the target domain:

wasm-sandbox-serve({
  wasmFile: "~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm",
  workDir: ["~/.openclaw/skills/boxed-http-server/files"],
  allowedOutboundHosts: ["https://httpbin.org"],
  args: ["--config-var", "proxy=\"[{\\\"path\\\": \\\"/httpbin\\\",\\\"target\\\" :\\\"https://httpbin.org\\\",\\\"headers\\\": {\\\"Authorization\\\": \\\"Bearer abcd1234\\\"}}]\""]
})

Combined Example: Static Site + API Proxy

Serve a static website while proxying external APIs to avoid CORS issues:

wasm-sandbox-serve({
  wasmFile: "~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm",
  workDir: ["/home/user/website"],
  allowedOutboundHosts: ["https://api.weather.com", "https://wttr.in"],
  args: ["--config-var", "proxy=\"[{\\\"path\\\": \\\"/weather\\\",\\\"target\\\": \\\"https://wttr.in\\\"}]\""]
})

Then update your frontend to call /weather instead of the external API directly.

Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| wasmFile | string | Yes | Path to the wasm component file |
| workDir | string[] | Yes | Website root directories (served as static files) |
| allowedOutboundHosts | string[] | No | Allowed external domains for proxy mode |
| args | string[] | No | Command-line args for auth and proxy config |

CLI Options (for openclaw wasm-sandbox serve)

| Option | Short | Description |
|---|---|---|
| --ip <ip> | -i | Socket IP to bind to |
| --port <port> | -p | Socket port to bind to (0-65535) |
| --work-dir <dir> | | Website root directory |
| --config-var <var> | | WASI config variables |
| --allowed-outbound-hosts <hosts> | | Allowed external domains (proxy mode) |

Available args Config

  • --config-var username=<username> - Set Basic auth username
  • --config-var password=<password> - Set Basic auth password
  • --config-var proxy=<JSON> - Set proxy rules in JSON format

proxy Config Format

[
  {
    "path": "/httpbin",
    "target": "https://httpbin.org",
    "headers": {
      "Authorization": "Bearer abcd1234"
    }
  }
]

| Field | Type | Description |
|---|---|---|
| path | string | Proxy path prefix (requests matching this prefix will be proxied) |
| target | string | Target full URL |
| headers | object | Optional custom headers to add to the proxied request |
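
A pre-flight check for the proxy rule format above, as an added example that is not part of the skill: it reports targets missing from allowedOutboundHosts, allowlist entries that no rule uses, plain-HTTP targets, and credential headers stored in args, then builds the `proxy=` value in the doubly quoted form the page's examples use. The helper names, the `SECRET_HEADERS` list and the assumption that allowlist entries match by exact origin are this example's own.

```python
import json
from urllib.parse import urlsplit

# Header names treated as credential-bearing (an assumption of this example).
SECRET_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}

def origin(url):
    """Return scheme://host[:port], lower-cased, for an absolute http(s) URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname}{port}"

def audit(rules, allowed_outbound_hosts):
    """Return findings for proxy rules; assumes the allowlist matches by exact origin."""
    allowed = {origin(h) for h in allowed_outbound_hosts}
    used, findings = set(), []
    for rule in rules:
        path, target = rule.get("path", ""), origin(rule["target"])
        used.add(target)
        if not path.startswith("/"):
            findings.append(f"{path!r}: path prefix should start with '/'")
        if target not in allowed:
            findings.append(f"{path}: target {target} is not in allowedOutboundHosts")
        if target.startswith("http://"):
            findings.append(f"{path}: target {target} is plain HTTP")
        for name in rule.get("headers", {}):
            if name.lower() in SECRET_HEADERS:
                findings.append(f"{path}: static {name} header stores a credential in args")
    for extra in sorted(allowed - used):
        findings.append(f"allowedOutboundHosts grants {extra} but no rule uses it")
    return findings

def proxy_arg(rules):
    """Build the --config-var pair in the doubly quoted form the page's examples use."""
    return ["--config-var", "proxy=" + json.dumps(json.dumps(rules))]

# Constructed inputs copied from the page's two proxy examples.
HTTPBIN = [{"path": "/httpbin", "target": "https://httpbin.org",
            "headers": {"Authorization": "Bearer abcd1234"}}]
WEATHER = [{"path": "/weather", "target": "https://wttr.in"}]

if __name__ == "__main__":
    for rules, hosts in ((HTTPBIN, ["https://httpbin.org"]),
                         (WEATHER, ["https://api.weather.com", "https://wttr.in"])):
        print(audit(rules, hosts))
    print(proxy_arg(WEATHER)[1])
```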

Security Model

Boxed HTTP Server runs inside a WebAssembly sandbox with capability-based security:

  • No implicit access: WASM module has zero access by default
  • Explicit grants only: Access must be explicitly allowed via configuration
  • Network isolation: Outbound network access is denied by default
  • Resource limits: Supports timeout, memory, stack size, and fuel limits

Architecture

User Request
    ↓
OpenClaw Gateway
    ↓
Wasm Sandbox Plugin
    ↓
boxed_http_server_component.wasm
    ↓
├── Static File Handler (workDir)
├── Basic Auth Handler (args: username/password)
└── Proxy Handler (args: proxy config)
    ↓
Response to Client

Example: Full Deployment

Deploy a static website at http://192.168.158.134:8080:

# 1. Download wasm file (if not exists)
curl -L -o ~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm \
  "https://raw.githubusercontent.com/guyoung/wasm-sandbox-openclaw-skills/main/boxed-http-server/files/boxed_http_server_component.wasm"

# 2. Start server
openclaw wasm-sandbox serve \
  ~/.openclaw/skills/boxed-http-server/files/boxed_http_server_component.wasm \
  -i 192.168.158.134 \
  -p 8080 \
  --work-dir /home/user/website

Troubleshooting

| Issue | Solution |
|---|---|
| "wasm file not found" | Run the download step first |
| "Connection refused" | Check IP and port, ensure firewall allows access |
| "CORS errors in frontend" | Use proxy mode to route external APIs through the server |
| "Authentication not working" | Ensure username and password are set in args |
| "Proxy returns 403" | Add target domain to allowedOutboundHosts |

Security usage recommendations

This skill appears to do what it says, but before installing or running it:

  1. Inspect and verify the wasm component (the raw.githubusercontent.com URL) — prefer a released artifact with a checksum or a trusted repo/maintainer.
  2. Avoid placing secrets (API keys, bearer tokens, passwords) directly into static args/config; supply them via secure channels and short-lived tokens.
  3. Run the server in an isolated/test environment first (not on production hosts), limit bind IP/port and firewall exposure, and restrict allowedOutboundHosts to only needed domains.
  4. Review the openclaw-wasm-sandbox plugin version and its capability grants (ensure the wasm is given only the minimal network/file rights it needs).

If you cannot validate the wasm binary's origin or contents, treat the download as untrusted and do not run it on sensitive systems.

Functional analysis

Type: OpenClaw Skill
Name: boxed-http-server
Version: 1.0.1

The boxed-http-server skill provides a WebAssembly-based static HTTP server with support for Basic authentication and reverse proxying. It downloads a WASM component from a GitHub repository (github.com/guyoung) and executes it within the OpenClaw WASM sandbox. While the skill requests file system and network access, these capabilities are directly aligned with its stated purpose of serving files and proxying requests, and no evidence of malicious intent or prompt injection was found in the instructions or configuration.

Capability assessment
Purpose & Capability
Name/description describe a wasm-based static HTTP server and the SKILL.md only requires the wasm-sandbox plugin and a wasm component file; no unrelated env vars, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are limited to downloading a wasm component into ~/.openclaw/skills/boxed-http-server/files, starting the wasm sandbox server, binding to IP/port, serving a workDir, and configuring optional proxy/auth. This stays within the stated purpose, but it explicitly writes a downloaded binary to disk and runs a network-facing server and proxy — both of which merit review before use. The examples also demonstrate embedding Authorization headers in proxy config (user-supplied secrets).
Install Mechanism
No formal install spec, but the SKILL.md instructs downloading a wasm file from https://raw.githubusercontent.com/... — GitHub raw is a common host, but the raw URL may contain arbitrary code. The wasm will be written to disk and executed by the wasm sandbox; consider verifying provenance and checksum of the wasm binary.
Credentials
The skill requests no environment variables or credentials. The only credential-like content appears in examples (proxy Authorization header) which are user-supplied configuration values — avoid embedding secrets in persistent args or public examples.
Persistence & Privilege
Skill is instruction-only, does not set always:true, and does not request system-wide config changes. It writes files under the skill directory (~/.openclaw/skills/...), which is expected for skills.
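How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install boxed-http-server
  3. Once installed, invoke the Skill by name or trigger it with /boxed-http-server
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output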
Version history
v1.0.1
  • Expanded documentation with more usage scenarios and trigger conditions, including deployment, authentication protection, and static website use cases.
  • Added step-by-step CLI usage examples alongside code snippets.
  • Included a detailed security model and architecture overview.
  • Improved explanation of parameters and configuration, including CLI options and proxy config format.
  • Added troubleshooting section for common issues and solutions.
v1.0.0
Initial release of boxed-http-server.
  • Provides a lightweight static HTTP server using a WebAssembly sandbox.
  • Supports HTTP Basic authentication and HTTP proxy (including reverse proxy).
  • Requires the openclaw-wasm-sandbox plugin (version >= 0.4.0) and separate wasm file download.
  • Includes configuration options for static file roots, authentication credentials, proxy rules, and outbound host allowlists.
  • Suitable for quickly starting static servers, enabling authentication, setting up proxies, or running a local dev server.
Metadata
Slug: boxed-http-server
Version: 1.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 2
FAQ

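What is Boxed HTTP Server?

WebAssembly sandbox static HTTP server with HTTP Basic auth and proxy support. Use when starting a static file server, configuring HTTP authentication, setti... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 118 total downloads to date.

How do I install Boxed HTTP Server?

Run the command "/install boxed-http-server" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is Boxed HTTP Server free?

Yes. Boxed HTTP Server is completely free and released under the MIT-0 license, so it can be freely downloaded, installed and used.

Which platforms does Boxed HTTP Server support?

Boxed HTTP Server is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Boxed HTTP Server?

It is developed and maintained by guyoung (@guyoung); the current version is v1.0.1.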
