功能描述

Create and manage isolated cloud sandboxes for secure, remote code execution, browser automation, and temporary development environments via CLI, API, or Pyt...

使用说明 (SKILL.md)

ScaleBox Sandbox Skill

Name: Cloudsway ScaleBox Sandbox
Author: gloriathepenguin

Create and manage isolated cloud sandboxes for secure code execution.

When to Use

Running untrusted code in an isolated environment
Browser automation (browser-use, computer-use templates)
Testing scripts that may have side effects
Remote code execution without local resource impact
Creating temporary development environments

Prerequisites

1. Get API Key

Register at ScaleBox Dashboard to get your API key.

Set environment variable:

export SCALEBOX_API_KEY="your-api-key-here"

2. Install CLI

Download the official CLI from ScaleBox Documentation:

# Visit official docs for platform-specific downloads
# https://www.scalebox.dev/docs/en/cli/installation

# After installation, authenticate:
scalebox-cli auth login --api-key $SCALEBOX_API_KEY --server-url https://api.scalebox.dev

Security Note: Always download CLI from official sources. Verify checksums when available.

3. Server URL

https://api.scalebox.dev

Port Access URL Format

Important: ScaleBox uses port prefixes, not port suffixes.

Method 1: Specify ports at creation time (Recommended)

Use API to specify custom_ports when creating the sandbox:

curl -X POST "https://api.scalebox.dev/v1/sandboxes" \
  -H "X-API-Key: $SCALEBOX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "template": "base",
    "name": "my-sandbox",
    "timeout": 3600,
    "custom_ports": [
      {"port": 8080, "name": "web-server", "protocol": "TCP"}
    ]
  }'

Method 2: Add port to running sandbox

If you need to add a port after creation:

# CLI
scalebox-cli sandbox port add \x3Csandbox-id> --port 8080 --name web-server --protocol TCP

# API
curl -X POST "https://api.scalebox.dev/v1/sandboxes/{sandbox_id}/ports" \
  -H "X-API-Key: $SCALEBOX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"port": 8080, "name": "web-server", "protocol": "TCP"}'

Access URL Format

Format: https://{port}-{sandbox_domain}/path

Example:

Sandbox domain: sbx-abc123.k27xn5o3lnw5dan3x.scalebox.dev
Port: 8080
Correct URL: https://8080-sbx-abc123.k27xn5o3lnw5dan3x.scalebox.dev/
❌ Wrong: https://sbx-abc123.k27xn5o3lnw5dan3x.scalebox.dev:8080/

Available Templates

Template	CPU	Memory	Use Case
base	2	512MB	Basic sandbox
code-interpreter	2	1GB	Jupyter environment
browser-use	2	2GB	Browser automation (VNC)
browser-use-headless	4	4GB	Browser automation (headless)
desktop	8	8GB	Desktop environment (VNC)
computer-use-preview	2	2GB	Google Computer Use

Three Ways to Use ScaleBox

Method	Best For	Notes
CLI	File operations, command execution	Most powerful, cross-platform
REST API	Lifecycle management	Auth via `X-API-Key` header
Python SDK	Programmatic access	`pip install scalebox-sdk`

Method 1: CLI Commands

1.1 Sandbox Lifecycle

# Create sandbox
scalebox-cli sandbox create --template \x3Cname> --name \x3Cname> --timeout \x3Cseconds>

# List sandboxes
scalebox-cli sandbox list

# Get sandbox details
scalebox-cli sandbox get \x3Csandbox-id>

# Pause sandbox (preserves state)
scalebox-cli sandbox pause \x3Csandbox-id>

# Resume paused sandbox
scalebox-cli sandbox resume \x3Csandbox-id>

# Terminate sandbox immediately
scalebox-cli sandbox terminate \x3Csandbox-id>

# Delete sandbox and resources
scalebox-cli sandbox delete \x3Csandbox-id>

Create parameters:

--template: Template name or ID (default: base)
--name: Sandbox name (optional, auto-generated)
--timeout: Timeout in seconds (default: 300)
--cpu: CPU count (minimum: 2)
--memory: Memory in MB
--storage: Storage in GB
--async: Fire-and-forget mode - returns immediately, sandbox may still be starting. You must poll status yourself.
--auto-pause: Pause on timeout instead of terminate

Important: async vs sync:

Sync mode (default, no --async): Waits for sandbox to be fully running before returning. The returned sandbox is ready to use.
Async mode (--async): Returns immediately after creating the request. The sandbox may still be starting. You must poll sandbox get \x3Cid> until status: running before using it.

# Sync mode (recommended) - sandbox is ready when command returns
scalebox-cli sandbox create --template base --timeout 600
# Output includes sandbox ID, ready to use

# Async mode - need to wait
scalebox-cli sandbox create --template base --timeout 600 --async
# Returns immediately, sandbox may still be starting
# Must poll: scalebox-cli sandbox get \x3Cid> until status is "running"

1.2 File Operations

# Upload file
scalebox-cli sandbox upload \x3Csandbox-id> \x3Clocal-path> \x3Cremote-path>

# Upload directory recursively
scalebox-cli sandbox upload \x3Csandbox-id> ./project /workspace/project --recursive

# Download file
scalebox-cli sandbox download \x3Csandbox-id> \x3Cremote-path> \x3Clocal-path>

# List files
scalebox-cli sandbox ls \x3Csandbox-id> \x3Cremote-path>

Note: Remote path must be absolute (e.g., /workspace/file.py).

1.3 Command Execution

# Execute command
scalebox-cli sandbox exec \x3Csandbox-id> "\x3Ccommand>"

# With working directory
scalebox-cli sandbox exec \x3Csandbox-id> "python3 script.py" --cwd /workspace

# With timeout
scalebox-cli sandbox exec \x3Csandbox-id> "npm install" --timeout 120

Method 2: REST API

2.1 Authentication

All requests require X-API-Key header:

curl -H "X-API-Key: $SCALEBOX_API_KEY" https://api.scalebox.dev/v1/sandboxes

2.2 Sandbox Endpoints

Operation	Method	Endpoint
Create sandbox	POST	`/v1/sandboxes`
List sandboxes	GET	`/v1/sandboxes`
Get sandbox	GET	`/v1/sandboxes/{id}`
Delete sandbox	DELETE	`/v1/sandboxes/{id}`
Pause sandbox	POST	`/v1/sandboxes/{id}/pause`
Resume sandbox	POST	`/v1/sandboxes/{id}/resume`

Note: File operations (upload/download/exec) are only available via CLI or SDK.

2.3 API Example

# Create sandbox
curl -X POST "https://api.scalebox.dev/v1/sandboxes" \
  -H "X-API-Key: $SCALEBOX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"template": "base", "name": "my-sandbox", "timeout": 600}'

Method 3: Python SDK

3.1 Installation

pip install scalebox-sdk

Module name: scalebox (not scalebox_sdk)

3.2 Basic Usage

import scalebox
import os

# Create sandbox
sandbox = scalebox.Sandbox.create(
    template="base",
    timeout=600,
    api_key=os.environ.get("SCALEBOX_API_KEY")
)

print(f"Sandbox ID: {sandbox.sandbox_id}")

# Get signed URLs for file operations
upload_url = sandbox.upload_url(path="/workspace/test.py")
download_url = sandbox.download_url(path="/workspace/output.json")

# Kill sandbox
sandbox.kill()

Typical Workflow

# 1. Create sandbox
sandbox_id=$(scalebox-cli sandbox create --template code-interpreter --name my-task --async | grep "Sandbox ID:" | awk '{print $3}')

# 2. Upload code
scalebox-cli sandbox upload $sandbox_id ./script.py /workspace/script.py

# 3. Execute
scalebox-cli sandbox exec $sandbox_id "python3 /workspace/script.py"

# 4. Download results
scalebox-cli sandbox download $sandbox_id /workspace/output.json ./output.json

# 5. Cleanup
scalebox-cli sandbox delete $sandbox_id

Security Notes

Sandboxes are completely isolated from local machine
All file paths must be absolute (no .. traversal)
Internet access enabled by default (disable with --internet=false)
Credentials never stored in database
Minimum CPU: 2 cores
Always download CLI from official sources

Error Handling

Error	Solution
`CPU count must be at least 2`	Use `--cpu 2` or higher
`health check timeout`	Check status with `sandbox get`
`Sandbox not found`	Verify sandbox ID
`Timeout exceeded`	Create new sandbox

Links

Official Website: https://www.scalebox.dev
Documentation: https://www.scalebox.dev/docs
CLI Installation: https://www.scalebox.dev/docs/en/cli/installation
API Reference: https://www.scalebox.dev/docs/en/api

Version

Skill: 1.0.5
CLI: v1.3.4
SDK: v0.1.9
API: v1

Last updated: 2026-03-21

安全使用建议

Before installing or enabling this skill: - Confirm the skill's provenance: there is no homepage/source repo listed. Prefer skills with a known vendor or repository. - Verify the declared requirements: skill.json and SKILL.md expect SCALEBOX_API_KEY and availability of 'scalebox-cli' and 'curl', but the registry summary above showed none — clarify which is authoritative. - Limit risk of credential misuse: only provide a scoped ScaleBox API key (least privilege) and consider using a short-lived key that can be rotated. - Verify CLI download integrity: follow the SKILL.md advice to fetch the official CLI from https://www.scalebox.dev and verify checksums if available. - Understand the capabilities: this skill can upload files and execute commands in remote sandboxes — a compromised or misconfigured ScaleBox API key could let an attacker run code on your cloud account or exfiltrate data to sandbox endpoints. Monitor sandbox creation/activity and revoke keys if suspicious. - If you need higher assurance, ask the publisher for a source repo, release signatures, and a privacy/security statement. If you cannot validate the source, treat the skill as untrusted.

功能分析

Type: OpenClaw Skill Name: cloudsway-scalebox-sandbox Version: 1.0.5 The skill bundle provides a legitimate interface for managing isolated cloud sandboxes via the ScaleBox service (scalebox.dev). It includes comprehensive instructions for the AI agent to use the ScaleBox CLI, REST API, and Python SDK for tasks such as environment creation, file transfers, and remote code execution. No evidence of malicious intent, data exfiltration from the host machine, or prompt injection was found in SKILL.md or skill.json.

能力评估

✓ Purpose & Capability

SKILL.md describes creating/managing cloud sandboxes and shows API/CLI/SDK usage. The operations it instructs (create sandboxes, open ports, upload/download files, exec commands) align with that purpose.

✓ Instruction Scope

Runtime instructions are scoped to ScaleBox operations (curl to api.scalebox.dev, scalebox-cli commands, file uploads, command exec inside sandboxes). They do not instruct reading arbitrary local files or unrelated credentials. The README explicitly tells the user to obtain and set SCALEBOX_API_KEY and to install the official CLI.

ℹ Install Mechanism

This is an instruction-only skill (no install spec, no code files) which lowers risk of hidden code. The SKILL.md directs users to download/verify an official CLI; that is reasonable. Note: skill.json lists runtime commands including 'scalebox-cli' and 'curl' which implies those binaries must exist — but the registry metadata above reported 'Required binaries: none' creating an inconsistency to resolve.

ℹ Credentials

The skill requires a single ScaleBox API key (SCALEBOX_API_KEY) which is appropriate for the described tasks. However, the top-level registry metadata you were shown lists no required env vars while skill.json marks SCALEBOX_API_KEY as required—this mismatch should be clarified. Ensure any provided API key has minimal scope and short TTL if possible.

✓ Persistence & Privilege

The skill does not request 'always: true' or any system config paths, and is instruction-only so it does not install persistent binaries. It does require network access (calls to api.scalebox.dev) which is expected for a cloud sandbox controller.

版本历史

v1.0.5

v1.0.5 highlights improved documentation and clarity for using ScaleBox Sandbox. - Added comprehensive SKILL.md with detailed setup steps, CLI/API/SDK usage, and security notes. - Clarified port access mechanism—use port prefixes in URLs when connecting to sandbox services. - Documented available sandbox templates with specifications for CPU, memory, and use cases. - Expanded guidance for typical workflows, including sandbox lifecycle, file operations, and command execution. - Provided best-practice security advice and troubleshooting information.

v1.0.4

ScaleBox Sandbox Skill v1.0.4 - Added detailed SKILL.md covering use cases, prerequisites, and three usage methods (CLI, REST API, Python SDK). - Explained sandbox lifecycle management, file operations, and command execution via CLI commands. - Documented API authentication, endpoints, and usage examples. - Provided SDK install/usage examples and a typical workflow. - Included port access URL format, available templates, security notes, and error handling guidance. - Linked to official documentation and resources.

v1.0.3

- Added detailed SKILL.md with instructions for setup, usage, and best practices for ScaleBox Sandboxes. - Explained port access URL format and provided correct usage examples. - Listed available templates and their specs. - Included step-by-step guides for CLI, REST API, and Python SDK methods. - Documented common workflows, error handling, security notes, and helpful links. - Updated version references for Skill, CLI, SDK, and API.

v1.0.2

- Added SKILL.md documentation detailing setup, usage, and workflows for ScaleBox Sandbox Skill. - Describes prerequisites including API key and CLI installation. - Documents CLI, REST API, and Python SDK usage for sandbox management. - Provides example commands for file operations, code execution, and sandbox lifecycle. - Lists available templates, typical workflows, security notes, error handling, and resource links. - Version references updated to latest supported components.

v1.0.1

ScaleBox Sandbox Skill 1.0.1 - Adds comprehensive SKILL.md documentation for setup and usage. - Details prerequisites, including API key registration and CLI installation. - Lists available sandbox templates, resources, and use cases. - Explains three methods to use ScaleBox: CLI, REST API, and Python SDK, with examples for each. - Includes command references for sandbox lifecycle, file operations, command execution, and common error solutions. - Provides links to official documentation and resources.

v1.0.0

ScaleBox Sandbox Skill 1.0.0 - Introduces the skill for creating and managing fully isolated cloud sandboxes for secure code execution. - Supports three usage methods: CLI, REST API, and Python SDK, with detailed instructions and examples for each. - Provides ready-to-use sandbox templates for common use cases (code execution, browser automation, development environments). - Documents lifecycle management, file operations, and command execution workflows using CLI, with batch support. - Includes security guidelines and recommended workflows for typical tasks such as running scripts and browser automation. - Lists prerequisites and authentication methods across all interfaces.

元数据

Slug cloudsway-scalebox-sandbox

版本 1.0.5

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 6

常见问题

Cloudsway ScaleBox Sandbox 是什么？

Create and manage isolated cloud sandboxes for secure, remote code execution, browser automation, and temporary development environments via CLI, API, or Pyt... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 119 次。

如何安装 Cloudsway ScaleBox Sandbox？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cloudsway-scalebox-sandbox」即可一键安装，无需额外配置。

Cloudsway ScaleBox Sandbox 是免费的吗？

是的，Cloudsway ScaleBox Sandbox 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Cloudsway ScaleBox Sandbox 支持哪些平台？

Cloudsway ScaleBox Sandbox 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Cloudsway ScaleBox Sandbox？

由 gloriathepenguin（@gloriathepenguin）开发并维护，当前版本 v1.0.5。

Cloudsway ScaleBox Sandbox