
Novita Sandbox

Author: piston4711 · GitHub ↗ · v0.1.8 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 329
Favorites: 0
Current installs: 0
Versions: 8
Install in OpenClaw
/install novita-sandbox
Description
Run browser operations and untrusted code in a secure Novita cloud sandbox (Firecracker VM). Use when: (1) browsing any external URL or website, (2) executin...
Security usage recommendations
This skill appears to implement a legitimate remote sandboxing tool, but pay attention before installing:
- The SKILL.md and scripts require NOVITA_API_KEY (and optionally NOVITA_DOMAIN), but the registry metadata does not declare these — don't assume no credentials are needed. Only supply an API key you trust and that is limited in scope.
- The runtime depends on the pip package 'novita-sandbox>=1.0.5' (SKILL.md instructs pip install). Verify the package source (PyPI project, maintainer, and release files) before installing to avoid supply-chain risk.
- The CLI can read/write local files via upload/download; if you invoke those commands the skill will access your filesystem. Be deliberate when uploading sensitive files.
- The CLI uses a private SDK call (Sandbox._create) with secure=False to force auto_pause behavior — this is a non-public API choice. Ask the maintainer why a private API and insecure flag are required.
- The SKILL.md warns that browser CDP mode is disabled due to a gateway bug; follow that guidance (never call config.patch) to avoid crashing the gateway.

If you plan to use this skill: confirm the origin and integrity of the 'novita-sandbox' Python package, ensure the API key you supply has minimal privileges and billing implications are acceptable, and prefer reviewing network traffic or service docs for the Novita endpoint before trusting sensitive data to the sandbox.
Functional analysis
Type: OpenClaw Skill
Name: novita-sandbox
Version: 0.1.8

The novita-sandbox skill is a legitimate tool designed to provide a secure execution environment for untrusted code and web browsing using Novita AI's Firecracker-based cloud sandboxes. The implementation in `scripts/sandbox.py` is a standard CLI wrapper for the `novita-sandbox` SDK, facilitating sandbox lifecycle management, command execution, and file transfers. The `SKILL.md` documentation includes proactive security instructions, such as warning the agent against uploading sensitive local credentials and advising against using specific platform functions (`config.patch`) that might cause instability, demonstrating a focus on safety and isolation.
Capability assessment
Purpose & Capability
Name/description match the included code: the CLI and SKILL.md implement creating/executing in Novita cloud sandboxes. However the registry metadata lists no required environment variables or primary credential, while the SKILL.md and CLI require NOVITA_API_KEY (and optionally NOVITA_DOMAIN). The required binary (python3) is appropriate, but the missing declaration of NOVITA_API_KEY in the registry is an incoherence that should be fixed.
Instruction Scope
SKILL.md and scripts restrict the intended use to remote/untrusted work, which matches the code. But the tool exposes upload/download that read/write local files (open local_path in upload/download), which means the skill can access arbitrary local files when invoked — this is expected for an upload/download feature, but it contradicts the SKILL.md 'DO NOT use this skill when: Reading/writing the user's local files' phrasing (ambiguous). The CLI enforces NOVITA_API_KEY presence and truncates outputs; it also instructs not to call config.patch. The instructions request installing a pip package (novita-sandbox>=1.0.5) and ask users not to modify the bundled script, so runtime behavior depends on that external package.
Install Mechanism
Registry lists brew/apt entries to install python3 (reasonable). The SKILL.md additionally instructs pip install of 'novita-sandbox>=1.0.5' (and scripts/requirements.txt references the same). That pip install is the real code dependency (moderate supply-chain risk). No arbitrary download URLs are used, but the pip package origin should be verified.
Credentials
Runtime requires NOVITA_API_KEY (mandatory) and NOVITA_DOMAIN (optional), which are proportional to a cloud sandbox service. The problem: the registry metadata did not declare these env vars/credential requirements — mismatch between declared requirements and actual runtime needs. The key is required and will be read from the environment by the CLI; ensure the key is scoped and trusted.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as a user-invocable skill (and can be invoked autonomously by default), which is normal. No unexpected persistent privileges are requested.
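How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install novita-sandbox
  3. Once installation completes, call the Skill by name or trigger it with /novita-sandbox
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history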
v0.1.8
Completely disable CDP mode. OpenClaw bug confirmed: config.patch unconditionally sends SIGUSR1 even with gateway.reload=hot (SIGUSR1 bypasses reload mode via separate restart-C7ane9OU.js code path). Removed all CDP sections. All browsing now via Exec mode only (curl/puppeteer/playwright). Added interactive page example with puppeteer script pattern. Rule 10: NEVER call config.patch for any reason.
v0.1.7
Add two-step browser mode decision: Step 1 judges by task type (prefer Exec/curl for text-only tasks, CDP only for interactive/visual tasks), Step 2 checks gateway.reload safety. Reduces unnecessary CDP usage and token costs.
v0.1.6
Explicitly forbid agent from using config.patch to modify gateway.reload or any gateway.* settings. Agent was self-modifying gateway.reload via config.patch which triggered SIGUSR1 crash. Added Rule 10 and multiple warnings: only user can manually edit openclaw.json for gateway settings.
v0.1.5
Setup Step 4: change from optional recommendation to REQUIRED user decision during install. Agent must present CDP vs Exec mode choice and wait for user response before proceeding. CDP remains blocked unless user explicitly configures gateway.reload=hot.
v0.1.4
Harden browser mode selection: CDP mode is now FORBIDDEN unless gateway.reload is "hot". Added Setup Step 4 requiring user to configure gateway.reload before CDP is available. Exec mode is the safe default. Prevents gateway crash from unconditional SIGUSR1 on config.patch.
v0.1.3
Redesign browser workflow: three-tier mode selection (CDP/ask user/exec fallback) based on gateway.reload setting. Fix SDK compatibility: use _create() for auto_pause=True support on PyPI novita_sandbox>=1.0.5. Add exec mode examples (curl, puppeteer, write-script pattern).
v0.1.1
Pin SDK version (novita-sandbox>=1.0.5), prevent agent from modifying sandbox.py
v0.1.0
Initial release: browser-chromium + code-interpreter-v1 templates, auto-pause lifecycle, cost-aware agent rules, CDP browser integration
Metadata
Slug novita-sandbox
Version 0.1.8
License MIT-0
Total installs 0
Current installs 0
Historical versions 8
FAQ

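What is Novita Sandbox?

Run browser operations and untrusted code in a secure Novita cloud sandbox (Firecracker VM). Use when: (1) browsing any external URL or website, (2) executin... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 329 total downloads so far.

How do I install Novita Sandbox?

Run the command "/install novita-sandbox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Novita Sandbox free?

Yes, Novita Sandbox is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Novita Sandbox support?

Novita Sandbox runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Novita Sandbox?

It is developed and maintained by piston4711 (@piston4711); the current version is v0.1.8.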
