Multi-Agent Sandbox
Author: Erwan Lee Pesle · GitHub · v1.0.0
371 total downloads · 0 favorites · 2 current installs · 1 version
Install in OpenClaw
/install multi-agent-sandbox
Description
Setup multi-agent sandbox infrastructure with Docker, Discord, SSH, and Tailscale. Use when: (1) creating a sandboxed agent for cross-gateway collaboration,...
Safe usage recommendations
This skill appears to do what it says, but it requires you to make host‑level, persistent changes (systemd services, firewall rules, network bridges) and to give sandbox agents many powerful capabilities (exec/process, sessions_send). Before installing: (1) only run this on a dedicated host or VM you control; do not use your main agent host; (2) restrict socat binds to the smallest necessary IPs and verify the exact unit files before enabling them; (3) use per‑agent Discord bot tokens with minimal scopes and do not reuse main agent credentials; (4) limit sandbox tool allowlists — remove exec/process or reduce workspace access if possible; (5) use Tailscale ACLs/exit node settings to restrict routes and audit connections; (6) rebuild and inspect the sandbox Docker image locally (avoid pulling unvetted images); and (7) log and monitor the created services and network flows so you can quickly revoke access. If you are unsure about any host commands or the source of this skill, ask the author for justification, a threat model, or a reviewed implementation before proceeding.
Functional analysis
Type: OpenClaw Skill
Name: multi-agent-sandbox
Version: 1.0.0
The skill bundle provides a detailed architectural guide and configuration templates for setting up a multi-agent sandbox environment using Docker, Discord, and Tailscale. The instructions in SKILL.md focus on legitimate infrastructure setup, including socat-based networking bridges to allow sandboxed containers to access a shared VPS via the host's Tailscale connection. The provided agent configurations include proactive security measures such as read-only root filesystems and explicit tool allowlists/denylists, showing no signs of malicious intent or data exfiltration.
Capability assessment
Purpose & Capability
The SKILL.md describes exactly the advertised purpose: creating Docker sandbox agents that communicate cross‑gateway via Discord, socat bridges, and Tailscale. The requested actions (adding SSH client to the image, creating socat bridges, configuring Tailscale, and per-agent allowlists) are consistent with that purpose. However, some required host actions (systemd services and firewall rules) are high privilege — they are explainable by the stated architecture but are substantial and should be expected only if you intend to modify host networking.
Instruction Scope
The runtime instructions direct the operator to perform host‑level changes: create systemd units, modify ufw rules, bind network listeners on the host's docker0 interface, and rebuild/force‑remove containers. They also instruct enabling powerful sandbox tools (exec, process, read, write, apply_patch, sessions_send, sessions_spawn). These steps go beyond simply configuring an isolated container and create persistent bridging paths between containers, host, VPS, and external gateways — increasing the risk of unintended data exposure or lateral access if misconfigured.
Install Mechanism
This is an instruction‑only skill (no install spec, no code files), so there is no automated download or archive extraction risk from the skill itself. The risk comes from the manual commands it instructs you to run on your systems.
Credentials
The skill requires external credentials and services in practice (Discord bot tokens, a Tailscale network, and a shared VPS) but declares no required environment variables in metadata. Asking operators to provision Discord bot tokens and Tailscale is reasonable for the described feature, but the skill also recommends enabling many powerful agent tools and cross‑agent allowlists, increasing the chance of sensitive data flow. The absence of declared env vars is an inconsistency that reduces transparency.
Persistence & Privilege
The instructions create long‑running host services (systemd socat units) and firewall rules that persist beyond a single agent session, establishing continuous network bridges between local containers, host, and a remote VPS. Although the skill is not flagged 'always:true', these persistent host changes effectively grant ongoing network access and increase the blast radius if an agent or image is compromised. The skill also advocates wide tool permissions (sessions_spawn, sessions_send) which can create long‑lived A2A channels.
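How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install multi-agent-sandbox
- Once installation completes, call the Skill by name or trigger it with /multi-agent-sandbox
- Provide the required input according to the Skill's parameter description to get structured output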
Version history
v1.0.0
Initial release: sandboxed agents, Discord multi-bot, socat bridges, Tailscale mesh, per-agent A2A allowlists (PR #39102)
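FAQ
What is Multi-Agent Sandbox?
Setup multi-agent sandbox infrastructure with Docker, Discord, SSH, and Tailscale. Use when: (1) creating a sandboxed agent for cross-gateway collaboration,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 371 cumulative downloads to date.
How do I install Multi-Agent Sandbox?
Run the command "/install multi-agent-sandbox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Multi-Agent Sandbox free?
Yes, Multi-Agent Sandbox is completely free (open source and free of charge) and can be freely downloaded, installed and used.
Which platforms does Multi-Agent Sandbox support?
Multi-Agent Sandbox runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Multi-Agent Sandbox?
It is developed and maintained by Erwan Lee Pesle (@superworldsavior); the current version is v1.0.0.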