Codespace Manager

Author: Lanbasara · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 525
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install codespace-manager
Description
Create, manage, and access isolated cloud development environments (codespaces) powered by code-server, Docker, and Cloudflare Tunnel. Pre-installed with Bun...
Usage (SKILL.md)

Codespace Manager

Manage isolated code-server development environments, similar to GitHub Codespaces. Each codespace runs in its own Docker container with a full VS Code editor accessible via browser through Cloudflare Tunnel.

Pre-installed Tools

The custom Docker image includes:

  • code-server (VS Code in browser)
  • Bun — JS/TS runtime + package manager
  • uv — Python package manager + virtual environments
  • OpenCode — AI coding assistant (CLI)
  • git, curl, wget, build-essential

First-Time Setup

Before creating any codespace, build the Docker image once:

bash scripts/codespace.sh setup

This builds codespace-manager:latest from assets/Dockerfile.txt. Only needed once per host.

Commands

Script location: scripts/codespace.sh (relative to this skill's directory)

# One-time image build
codespace setup

# Create codespace (optionally clone a repo and/or init OpenCode config)
codespace create <name>
codespace create <name> --git <repo-url>
codespace create <name> --opencode
codespace create <name> --git <repo-url> --opencode

# Lifecycle
codespace start <name>       # Start and get Cloudflare Tunnel URL
codespace stop <name>        # Stop container and tunnel
codespace restart <name>     # Stop then start (new URL)
codespace delete <name>      # Remove container + data (irreversible!)

# Info
codespace list               # List all codespaces with status
codespace status <name>      # Detailed status of one codespace
codespace logs <name>        # View container logs
codespace url <name>         # Regenerate tunnel URL

# Config
codespace password <pass>    # Set default password for new codespaces

Password Management

  • Default password: codespace
  • Set a custom default: codespace password <your-password>
  • Override per-session via environment: CODESPACE_PASSWORD=mypass codespace create foo
  • Each codespace saves its password at creation time

Natural Language → Command Mapping

| User says | Command |
|---|---|
| "create a codespace called myapp" | codespace create myapp |
| "create a codespace with opencode" | codespace create <name> --opencode |
| "set up a dev environment for this repo" | codespace create <name> --git <url> --opencode |
| "start / launch / open myapp" | codespace start myapp |
| "stop / shut down myapp" | codespace stop myapp |
| "delete / remove myapp" | codespace delete myapp (confirm with user first!) |
| "list my codespaces" / "show environments" | codespace list |
| "get the URL for myapp" | codespace url myapp |
| "set password to xyz" | codespace password xyz |
| "create a python project" | codespace create <name> --opencode (uv is pre-installed) |
| "create a node/bun project" | codespace create <name> --opencode (bun is pre-installed) |

Architecture

  • Each codespace = isolated Docker container (codespace-manager:latest)
  • Project files persist at ~/codespaces/<name>/project on the host
  • Exposed via Cloudflare Quick Tunnel (free, auto HTTPS, temporary URL)
  • Each codespace gets a deterministic port (9000-9999, based on name hash)

Important Notes

  1. Run codespace setup before first use — it builds the Docker image
  2. Quick Tunnel URLs are temporary — they change on restart
  3. codespace delete is irreversible — confirm with user before executing
  4. Container data (outside /home/coder/project) does not persist across delete/recreate
  5. Requires: Docker, cloudflared, jq installed on the host

OpenCode Config

When --opencode is used, an opencode.json is created in the project root with:

{
  "$schema": "https://opencode.ai/config.json",
  "model": "anthropic/claude-sonnet-4-5",
  "autoupdate": true
}

Users can edit this file in code-server to change the model or add provider keys.

Security usage recommendations
Before installing or running this skill: (1) expect it to build a Docker image and create directories under ~/codespaces, start containers, and expose code-server to the internet via Cloudflare Quick Tunnel; only run on a machine you control or an isolated VM. (2) Review the Dockerfile and the install scripts it calls (bun.sh, astral.sh, opencode.ai); they are fetched and executed at build time (curl | bash) — consider pinning to known release artifacts or adding checksum verification. (3) Change the default password and avoid leaving the default 'codespace' in .default_password (it is stored in plaintext); consider using a secure secret mechanism. (4) Confirm you trust any repositories you allow the skill to clone, since it will mount project dirs into containers. (5) The package metadata omitted required host dependencies (Docker, cloudflared, jq); verify those are present. If the publisher identity, signed release artifacts for installers, or safer install steps (no remote curl|bash) are provided, my confidence would increase and many concerns would be mitigated.
Functional analysis
Type: OpenClaw Skill
Name: codespace-manager
Version: 1.0.0
The skill is classified as suspicious due to a critical path traversal vulnerability in `scripts/codespace.sh`. The `name` parameter, which is user-controlled, is used directly in path constructions (e.g., `mkdir -p "$CODESPACE_BASE/$name"`, `rm -rf "$workspace"`), allowing an attacker to use `../` to create or delete arbitrary directories on the host system. Additionally, `assets/Dockerfile.txt` uses `curl | bash` for installing several tools (Bun, uv, OpenCode) from external domains (bun.sh, astral.sh, opencode.ai), posing a significant supply chain risk if any of these sources were compromised. While the skill's stated purpose is legitimate, these vulnerabilities introduce substantial security risks to the host system.
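The path traversal described above comes from placing the user-supplied name straight into host paths. The following is an added example, not code from scripts/codespace.sh or from the skill's author, showing one way to validate the name before any mkdir or rm -rf runs. The function names and the 63-character limit are assumptions; CODESPACE_BASE is the variable named in the analysis.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from scripts/codespace.sh.
LC_ALL=C; export LC_ALL          # make [A-Za-z] ranges byte-exact
CODESPACE_BASE="${CODESPACE_BASE:-$HOME/codespaces}"

# Accept 1-63 characters of [A-Za-z0-9_-], starting with an alphanumeric.
# Rejects "/", ".", "..", whitespace, empty names and a leading "-".
valid_codespace_name() {
    case "$1" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Print the workspace directory for a validated name, or fail.
# Refuses a symlink at that location, which would otherwise let
# mkdir -p or a bind mount land outside CODESPACE_BASE.
workspace_path() {
    valid_codespace_name "$1" || { echo "invalid codespace name" >&2; return 1; }
    ws="$CODESPACE_BASE/$1"
    if [ -L "$ws" ]; then
        echo "refusing symlinked workspace: $ws" >&2
        return 1
    fi
    printf '%s\n' "$ws"
}

# Create <base>/<name>/project only after the name has passed validation.
create_workspace() {
    ws=$(workspace_path "$1") || return 1
    mkdir -p -- "$ws/project"
}

# Delete only an existing directory directly under CODESPACE_BASE.
delete_workspace() {
    ws=$(workspace_path "$1") || return 1
    [ -d "$ws" ] || { echo "no such codespace: $1" >&2; return 1; }
    rm -rf -- "$ws"
}
```

Because the allow-list excludes "/" and requires an alphanumeric first character, the resulting path is always a direct child of CODESPACE_BASE and can never be parsed as a command-line option.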
Capability assessment
Purpose & Capability
The skill claims to manage code-server codespaces (expected to need Docker, cloudflared, jq), but the registry metadata declares no required binaries/env — a mismatch. The script operates on the host (~/codespaces), builds Docker images, clones arbitrary git repos, and exposes services via Cloudflare tunnels; those capabilities align with the stated purpose but require host-level privileges that should have been declared.
Instruction Scope
SKILL.md and scripts instruct the agent to build a Docker image, clone arbitrary git repositories into ~/codespaces/<name>/project, persist per-codespace passwords (default 'codespace') on disk, and start cloudflared tunnels that expose code-server to the public trycloudflare domain. These actions are within the advertised functionality but include broad file system changes, network exposure, and storage of plaintext passwords — all of which should be explicitly highlighted to users.
Install Mechanism
There is no platform install spec (instruction-only), but the included Dockerfile downloads and executes remote install scripts via curl | bash from bun.sh, astral.sh, and opencode.ai. Fetching and piping installers from external URLs without signatures is a supply‑chain risk and should be reviewed/locked down before use.
Credentials
The skill does not request cloud provider keys or unrelated credentials (good), but it uses and persists CODESPACE_PASSWORD (default weak value 'codespace') and stores it in $CODESPACE_BASE/.default_password and per-codespace metadata in plaintext. The registry metadata omitted declaring required host tools (Docker, cloudflared, jq) that the script depends on.
Persistence & Privilege
always:false (not force-included). The skill creates persistent host state (~/codespaces), builds a Docker image, and launches containers with --restart=unless-stopped — meaning long-lived processes and tunnels. This is expected for a codespace manager but increases blast radius if misused.
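How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install codespace-manager
  3. Once installation completes, invoke the Skill by name or trigger it with /codespace-manager
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history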
v1.0.0
Initial release: code-server based codespace manager with Bun, uv, OpenCode pre-installed. Cloudflare Tunnel for access.
Metadata
Slug codespace-manager
Version 1.0.0
License
Total installs 0
Current installs 0
Versions 1
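FAQ

What is Codespace Manager?

Create, manage, and access isolated cloud development environments (codespaces) powered by code-server, Docker, and Cloudflare Tunnel. Pre-installed with Bun... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 525 total downloads to date.

How do I install Codespace Manager?

Run the command "/install codespace-manager" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Codespace Manager free?

Yes, Codespace Manager is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Codespace Manager support?

Codespace Manager is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Codespace Manager?

It is developed and maintained by Lanbasara (@lanbasara); the current version is v1.0.0.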
