← 返回 Skills 市场

Openclaw Skill

Name: Openclaw Skill
Author: star8592

作者 star8592 · GitHub ↗ · v2.1.8 · MIT-0

cross-platform ✓ 安全检测通过

452

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skillshield-openclaw

功能描述

Sandboxed command runner for AI agents — validates and isolates every shell action inside a Bubblewrap user namespace.

使用说明 (SKILL.md)

skillshield

Sandboxed command runner for AI agents — validates and isolates every shell action inside a Bubblewrap user namespace.

SkillShield sits between your AI agent and the operating system. Before any shell command runs, a lightweight Rust daemon checks it against a set of safety rules and decides whether to allow it, sandbox it, or ask for your confirmation. Every decision is logged so you always know what happened.

What it does

Validates commands — checks each shell request against configurable rules before execution.
Isolates execution — runs approved commands inside a Bubblewrap sandbox with a minimal, read-only root filesystem.
Limits repetition — stops agents that get stuck in a loop and start consuming too many resources.
Logs decisions — every action (allowed, sandboxed, or paused for review) is recorded with structured metadata.

How to use

# Install from ClawHub
npx clawhub@latest install skillshield-openclaw

# Run a command through the safety layer
./skillshield-exec.sh "echo hello world"

Requirements

Dependency	Purpose
Linux	User-namespace support
`bwrap`	Bubblewrap sandbox runtime
`cargo`	Builds the Rust daemon on first run

Links

Homepage: https://coinwin.info
Marketplace: https://clawhub.ai/star8592/skillshield-openclaw

安全使用建议

This skill appears to do what it says: build a local Rust daemon and run commands inside a Bubblewrap sandbox. Before installing, consider: 1) you will compile and run native code from an unverified source — inspect the source yourself or run it in an isolated VM/container if you don't trust the publisher; 2) the wrapper defaults to a unix socket but the daemon supports TCP binding via SKILLSHIELDD_BIND — avoid exposing it to the network unless you intend to and have secured it; 3) the tool writes logs and build artifacts into your XDG cache directory (~/.cache by default); 4) ensure your system supports user namespaces and Bubblewrap; and 5) verify the publisher/homepage and consider auditing the Cargo.toml/dependencies if you need higher assurance.

功能分析

Type: OpenClaw Skill Name: skillshield-openclaw Version: 2.1.8 The skill is a legitimate security utility designed to sandbox AI agent shell commands using Bubblewrap (bwrap). It implements a Rust-based enforcement daemon (skillshieldd) that validates and isolates execution within a restricted user namespace (using --unshare-all and read-only binds). The provided bash wrapper (skillshield-exec.sh) manages the daemon lifecycle and communicates via a local Unix socket. No evidence of data exfiltration, malicious persistence, or unauthorized network activity was found; the code is well-structured and aligns perfectly with its stated purpose of enhancing agent safety.

能力评估

✓ Purpose & Capability

The declared purpose (validate and run shell commands in a Bubblewrap sandbox) matches the provided files and runtime behavior. The wrapper script checks for bwrap, cargo, curl and python3 and the Rust daemon implements a Bubblewrap executor. Required binaries (cargo, bwrap, curl, python3) are used by the wrapper and daemon and are proportionate to the task.

ℹ Instruction Scope

SKILL.md and skillshield-exec.sh instruct building a local daemon and forwarding commands via a unix-domain socket; the code only touches files inside the user's XDG cache directory for build artifacts, PID/log/socket. The daemon can be configured (via the SKILLSHIELDD_BIND env var) to bind TCP instead of a unix socket — the wrapper sets a unix socket by default, but the binary supports alternate (network) binding which expands its attack surface if misconfigured or run manually.

ℹ Install Mechanism

This is instruction-only (no marketplace install spec), but includes full Rust source and a wrapper that invokes cargo build on first run. Building and running supplied native code is coherent for this skill, but compiling unknown third-party code locally is a real risk because the resulting binary executes with your user privileges. The code itself contains no obvious exfiltration or remote endpoints.

✓ Credentials

The skill does not require secrets or unrelated environment variables. The only meaningful env interaction is SKILLSHIELDD_BIND (used to choose unix vs tcp binding) and standard XDG_CACHE_HOME/$HOME for cache paths; these are consistent with a local daemon. No credentials or unrelated service tokens are requested.

✓ Persistence & Privilege

always:false (not persisted system‑wide). The skill writes build artifacts, logs, pid and a unix socket into the user's cache directory and launches a user‑owned background daemon — this is expected for a local enforcement service. It does not modify other skills or system-wide agent settings. The ability to bind TCP (if env changed) increases privilege scope if misused.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skillshield-openclaw
安装完成后，直接呼叫该 Skill 的名称或使用 /skillshield-openclaw 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.1.8

v2.1.8: Simplify marketplace description. Neutral language.

v2.1.7

v2.1.7: Simplify descriptions to focus on user-facing problems. Remove technical jargon.

v2.1.6

v2.1.6: Simplify policy to pure sandbox-first approach. Remove unused fallback executor. Clean up all source files.

v2.1.5

v2.1.5: Rewrite documentation for clarity. Clean up policy reason strings.

v2.1.4

Tighten the bundled daemon: restart after rebuild, disable sandbox networking, and explicitly block outbound shell tooling.

v2.1.3

Ship a bundled Rust enforcement daemon and execute commands through bubblewrap instead of direct bash fallback.

v2.1.2

Update to reflect Rust/bwrap architecture.

v2.1.0

**skillshield-openclaw 2.1.0 changelog** - SKILL.md updated: rewritten in English, clarified local-only scope and limitations, simplified risk claims. - Added test-crawler.js for initial test or development purposes. - config.json and skillshield-exec.sh updated for alignment with new documentation and policy. - No changes to core wrapper logic; focus is on documentation clarity and transparency.

v1.0.4

Rewrote product messaging to focus on the top user problems solved: destructive commands, secret leakage, runaway loops, and missing audit visibility.

v1.0.3

Clarified local-only behavior, removed coercive wrapper language, removed eval, and improved scanner transparency.

v1.0.1

Local only free edition.

v1.0.0

Initial public release of SkillShield free edition.

元数据

Slug skillshield-openclaw

版本 2.1.8

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 12

常见问题

Openclaw Skill 是什么？

Sandboxed command runner for AI agents — validates and isolates every shell action inside a Bubblewrap user namespace. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 452 次。

如何安装 Openclaw Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skillshield-openclaw」即可一键安装，无需额外配置。

Openclaw Skill 是免费的吗？

是的，Openclaw Skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Openclaw Skill 支持哪些平台？

Openclaw Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Openclaw Skill？

由 star8592（@star8592）开发并维护，当前版本 v2.1.8。