← 返回 Skills 市场
841
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install sandboxer-tmux
功能描述
Dispatch coding tasks to tmux sessions via Sandboxer. Use when you need to spawn Claude Code, Gemini, OpenCode, bash, or lazygit sessions in workspace repos, monitor their progress, or send them commands.
安全使用建议
This skill is coherent with its stated goal (controlling tmux sessions and repo workspaces), but it requires trusting a high‑privilege, unauthenticated local service that can run commands and read/write files under /root. Only install/use on a dedicated, fully isolated machine you control. Before enabling: verify the actual Sandboxer server implementation (source code, auth options), restrict access to localhost and firewall outbound callbacks, avoid running as root if possible, limit agent autonomy, and do not use it on shared or production hosts. The notify_url feature can leak session output to external endpoints — treat it as a potential exfiltration vector unless you control the callback endpoints.
功能分析
Type: OpenClaw Skill
Name: sandboxer-tmux
Version: 1.0.1
This skill is highly suspicious due to its extremely broad capabilities and the explicit instructions for its use. It provides full shell access (`type=bash`), arbitrary command execution (`/api/send`), and file read/write access (`/api/workspace/W/file/PATH`) via an unauthenticated API exposed on `localhost:8081`. The `SKILL.md` explicitly states it grants 'full access to tmux sessions, workspace files, and terminal output on your server' and is 'Intended for dedicated AI machines where agents run with root access.' While these capabilities might align with its stated purpose of dispatching coding tasks, they create a massive attack surface, enabling full system compromise if the agent or the local machine is compromised. The lack of authentication on localhost for such powerful operations is a critical vulnerability.
能力评估
Purpose & Capability
The name/description (dispatch tasks to tmux sessions / Sandboxer) align with the API endpoints and workspace operations described in SKILL.md. Access to workspace repos, tmux sessions, and commit APIs is consistent with the stated purpose.
Instruction Scope
SKILL.md instructs agents to read/write files under /root/workspaces, spawn and control shells (send keystrokes), capture full terminal output, and auto‑commit changes. Those actions go far beyond simple metadata queries: they allow arbitrary command execution and reading/writing repository contents. The doc also documents a POST create with notify_url (external callback) which could be used to exfiltrate data.
Install Mechanism
Instruction-only skill with no install spec or code files. That reduces risk from hidden installers or downloaded artifacts; nothing will be written/installed by the skill package itself.
Credentials
The skill declares no env vars or credentials, but the instructions presume an unauthenticated Sandboxer service on localhost:8081 and a workspace rooted at /root/workspaces (explicitly intended for agents running as root). Lack of any authentication requirement in the instructions is a notable security omission for a service that exposes powerful filesystem and command capabilities.
Persistence & Privilege
always:false (good), but the platform default allows autonomous invocation. Combined with the skill's ability to run arbitrary commands, read/write files under /root, capture terminal output, and trigger external notify_url callbacks, autonomous invocation increases risk. The skill does not request persistent installation, but its runtime privileges are high.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sandboxer-tmux - 安装完成后,直接呼叫该 Skill 的名称或使用
/sandboxer-tmux触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Add power-user disclaimer
v1.0.0
Initial release of Sandboxer — tmux task dispatcher
- Launch, monitor, and control coding sessions (Claude Code, Gemini, OpenCode, bash, lazygit) in workspace repositories via tmux.
- Provides simple REST API for creating sessions, sending tasks, monitoring progress, capturing output, and killing sessions.
- Manages agent workspaces and project repos with clear Git integration rules.
- Offers endpoints for listing workspaces, repos, file trees, and reading/writing files.
- Supports automatic notification webhook on session completion via `notify_url`.
元数据
常见问题
Skill 是什么?
Dispatch coding tasks to tmux sessions via Sandboxer. Use when you need to spawn Claude Code, Gemini, OpenCode, bash, or lazygit sessions in workspace repos, monitor their progress, or send them commands. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 841 次。
如何安装 Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sandboxer-tmux」即可一键安装,无需额外配置。
Skill 是免费的吗?
是的,Skill 完全免费(开源免费),可自由下载、安装和使用。
Skill 支持哪些平台?
Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill?
由 chriopter(@chriopter)开发并维护,当前版本 v1.0.1。
推荐 Skills