Skill Sandbox
Author: Don Zurbrick · GitHub · v1.0.0
Total downloads: 357
Favorites: 0
Current installs: 5
Versions: 1
Install in OpenClaw
/install skill-sandbox
Description
Sandboxed ClawHub skill installation with automated security scanning. Use when: (1) Installing any new skill from ClawHub, (2) Auditing an already-installed...
Safe-use recommendations
This skill appears to implement a staging-and-scan workflow, but several mismatches mean you should be cautious before using it as your safety guard:
1) It is not a true sandbox: the script runs 'clawhub install', which will perform network installs and may execute target skill install/postinstall hooks on your host. Run this in an isolated VM/container if you want protection.
2) The SKILL.md claims 'no network calls' and 'no external dependencies', which is false: ensure the host has and trusts 'clawhub', 'jq', and standard Unix tools the script uses.
3) The script offers a '--force' flag that bypasses VirusTotal checks; avoid using --force unless you fully trust the publisher.
4) The skill does not declare required binaries or environment variables (e.g., jq, file, clawhub, OPENCLAW_WORKSPACE), so inventory and install those dependencies manually in a safe environment.
5) Prefer running with '--scan-only' first and reviewing the staged files manually (or with an LLM-auditor) before promoting.
If you lack a safe sandbox, do not run this on production hosts; instead run it inside an ephemeral VM or container and verify behavior and outputs before trusting automatic promotion.
Functional analysis
Type: OpenClaw Skill
Name: skill-sandbox
Version: 1.0.0
The skill-sandbox bundle is a security utility designed to audit and sandbox other OpenClaw skills before installation. The primary script, scripts/skill-sandbox.sh, implements a multi-layered static analysis pipeline that checks for dangerous code patterns (eval, shell execution), sensitive data access (env vars, keys), and risky instructions in SKILL.md. While the script performs file system operations like directory deletion and movement, these actions are strictly aligned with its stated purpose of managing a staging and quarantine workflow to prevent supply chain attacks.
Capability assessment
Purpose & Capability
Name/description claim a 'sandboxed' installation pipeline and 'no network calls / no external dependencies', but the script calls an external 'clawhub' installer (which will perform network operations and may run package install scripts) and relies on tools like jq/file/grep. The required binaries/environment are not declared, so requested actions are disproportionate to the metadata.
Instruction Scope
SKILL.md instructs the agent to run the included shell script which runs 'clawhub install' into a staging dir. That installer can execute a target skill's install/postinstall hooks on the host (not in an isolated container), so the actual runtime behavior can execute arbitrary code outside the intended scan. The script does not create a true sandbox (no chroot/namespace/container), and SKILL.md's 'no network calls' claim is inaccurate.
Install Mechanism
There is no external install spec for this skill itself (instruction-only with an included script), so nothing is downloaded by the skill at install time. The risk comes from the script invoking external installers (clawhub) at runtime rather than from an installer URL embedded in the skill.
Credentials
The skill declares no required env vars or binaries, yet the script expects OPENCLAW_WORKSPACE (optional), and depends on external binaries (clawhub, jq, file, grep, find, sed, mv, rm, etc.) and on network access. It also provides a --force option to bypass VirusTotal flags which can override upstream protections—this capability is powerful and not justified in the metadata.
Persistence & Privilege
always:false and no autonomous-disable flags—normal. The script can move staged skills into the live skills directory (promote) and will replace existing live skills; that is expected for a promote tool but be aware it can overwrite live skills when invoked with --promote. It does not request persistent platform-wide privileges or modify other skills' configs programmatically.
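How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skill-sandbox
- Once installation completes, invoke the Skill by name or trigger it with /skill-sandbox
- Provide the required inputs according to the Skill's parameter description to get structured output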
Version history
v1.0.0
Initial release: sandboxed skill installation with 5-layer security scanning. Auto-quarantine on critical findings, auto-promote on clean scan. Checks for eval/exec, network calls, secret access, symlinks, install scripts, obfuscation, and dangerous SKILL.md instructions.
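Metadata
FAQ
What is Skill Sandbox?
Sandboxed ClawHub skill installation with automated security scanning. Use when: (1) Installing any new skill from ClawHub, (2) Auditing an already-installed... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 357 cumulative downloads so far.
How do I install Skill Sandbox?
Run the command "/install skill-sandbox" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.
Is Skill Sandbox free?
Yes, Skill Sandbox is completely free (open source and free) and can be freely downloaded, installed and used.
Which platforms does Skill Sandbox support?
Skill Sandbox runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed Skill Sandbox?
Developed and maintained by Don Zurbrick (@zurbrick); the current version is v1.0.0.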