kofna3369

Morgana Mordred Security Sandbox

Author: Kofna3369 · GitHub · v2.0.0 · MIT-0
cross-platform · ⚠ suspicious
Total downloads: 108
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw:
/install morgana-mordred-security-sandbox
Description
Educational security training sandbox for AI agents. Contains 5 intentionally vulnerable systems with annotated vulnerability descriptions and tested patches...
Safe-use recommendations
This skill appears to implement an offline security lab, but it contains several implementation choices that require caution:
- Do NOT run these scripts on a production host or in a privileged environment. The test runner and vulnerable systems execute shell commands, eval(), and arbitrary file reads/writes. Run only inside an isolated VM or Docker container with no access to sensitive mounts.
- Inspect and change SANDBOX_PATH in src/mordred_runner.py before running. It is hardcoded to /media/ezekiel/Morgana/sandbox/mordred and will create logs/results there; change it to a path you control (or make it relative/configurable).
- Review and remove any embedded secrets or tokens (data_leak and flawed_auth include test 'SECRETS' and SESSION_TOKEN). Treat them as test data, but consider whether they might be mistaken for real credentials.
- The 'vaccines' include code that manipulates builtins.__dict__ (vaccine_weak_sandbox). Running that code affects the running Python process. Ensure tests restore state (they attempt to) and run them in isolation.
- If your goal is to evaluate agent behavior, prefer spinning up the sandbox inside a disposable container image that has no network mounts and limited privileges. Verify no network calls are made and inspect subprocess invocation carefully.
- If you lack the ability to run in an isolated environment, do not install or execute this skill. If you proceed, consider auditing every file (especially modules that call subprocess, open files, or use eval/exec) and patching mordred_runner to use relative paths and to require an explicit --outdir or --sandbox-dir parameter.
Functional analysis
Type: OpenClaw Skill
Name: morgana-mordred-security-sandbox
Version: 2.0.0
The bundle is a security training sandbox ("Mordred") containing intentionally vulnerable Python scripts (SQL injection, RCE, race conditions, and data leaks) along with corresponding patches called "vaccines." While the stated purpose is educational and defensive, the bundle includes functional high-risk vulnerabilities, such as arbitrary code execution via eval() in 'src/systems/weak_sandbox.py' and shell command execution in 'src/mordred_runner.py'. Per the provided guidelines, the presence of these intentional vulnerabilities and risky capabilities, despite the lack of clear malicious intent or data exfiltration, requires a suspicious classification.
Capability tags
crypto · requires-wallet
Capability assessment
Purpose & Capability
Name/description claim an offline training sandbox and the included files implement that. However mordred_runner hardcodes SANDBOX_PATH to /media/ezekiel/... and will write logs and results to that absolute path instead of using the skill directory or a configurable path. That absolute path is unrelated to the skill metadata and suggests the code expects access to a specific user's filesystem — disproportionate to a shipping skill. The rest of the required capabilities (running tests, executing local Python files) are consistent with a sandbox, but the hardcoded paths and embedded 'SECRETS' constants (data_leak contains fake API keys/private_key/PII) are questionable for distribution.
Instruction Scope
SKILL.md instructs agents to run the provided Python test runner and vaccine scripts. The code invoked will execute arbitrary code: weak_sandbox exposes eval() and subprocess.run(shell=True), prompt_injection demonstrates injection strings, data_leak returns secrets defined in-code, and run_all tests execute each system via subprocess.run. Those behaviors are expected for a vulnerability lab, but the instructions give the agent permission to run those dangerous operations on whatever host it is invoked from — there's no explicit insistence in SKILL.md that this must be run only in an isolated container or VM (the failures section mentions Docker as a solution, but not as a hard requirement). Also the SKILL.md contains many prompt-injection example strings (e.g., 'ignore previous instructions', 'you are now') — these are present as examples and may trigger scanners; they are not runtime instructions to the evaluator but could be misused.
Install Mechanism
No install spec (instruction-only) — lower installation risk in general. However the skill includes 11 code files that the agent may execute directly. There are no downloads or external package installs in the manifest, which is good, but executing the included code still grants the code host privileges (file I/O, process execution).
Credentials
The skill declares no required env vars or credentials, which matches the manifest. Despite that, the runner writes to an absolute SANDBOX_PATH (/media/ezekiel/Morgana/...), creating/using directories outside the skill folder; this is disproportionate and unexpected. The code also contains hardcoded 'SECRETS' and 'SESSION_TOKEN' constants embedded in data_leak and flawed_auth — those are test data but could confuse users or be mistaken for real secrets. Several modules (weak_sandbox, race_condition) provide functions that can read/write arbitrary files and run shell commands; these require host-level filesystem and process access that goes beyond a simple read-only demo.
Persistence & Privilege
The skill is not always:true and does not declare persistent privileges. It does, however, modify and write to host filesystem locations (logs/results) when run. Some vaccine code (vaccine_weak_sandbox) temporarily replaces builtins.__dict__ and later restores it — that manipulation affects the running process and could have side effects if not restored correctly. There is no code that modifies other skills or agent configuration, but the absolute path writes and builtins replacement are privileged actions relative to a benign instruction-only skill.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install morgana-mordred-security-sandbox
  3. After installation, invoke the Skill by name or trigger it with /morgana-mordred-security-sandbox
  4. Provide the required inputs according to the Skill's parameter description to receive structured output
Version history
v2.0.0
**Major update: Adds prompt injection vulnerabilities and vaccines, revises system architecture, and expands documentation.**
- Introduced a new `prompt_injection` system and corresponding `vaccine_prompt_injection.py`, increasing the vulnerable systems count to five.
- Removed deprecated text input test files.
- Refactored and updated core files and all system/vaccine modules for broader coverage and improved documentation.
- Overhauled and expanded the documentation with clearer overviews, updated instructions, detailed vulnerability and patch explanations, and ethical use guidance.
- Updated skill manifest (SKILL.md) with structured metadata, inputs, outputs, verification steps, and improved agent integration instructions.
v1.0.0
Educational security sandbox for AI agents. 5 intentionally vulnerable systems with annotated descriptions and tested patches.
Metadata
Slug: morgana-mordred-security-sandbox
Version: 2.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 2
FAQ

What is Morgana Mordred Security Sandbox?

Educational security training sandbox for AI agents. Contains 5 intentionally vulnerable systems with annotated vulnerability descriptions and tested patches... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 108 downloads to date.

How do I install Morgana Mordred Security Sandbox?

Run the command "/install morgana-mordred-security-sandbox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Morgana Mordred Security Sandbox free?

Yes, Morgana Mordred Security Sandbox is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does Morgana Mordred Security Sandbox support?

Morgana Mordred Security Sandbox is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Morgana Mordred Security Sandbox?

Developed and maintained by Kofna3369 (@kofna3369); current version v2.0.0.
