realalexandreai

Tcb Sandbox

Author: RealAlexandreAI · GitHub ↗ · v0.3.11 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 441
Favorites: 0
Current installs: 0
Versions: 20
Install in OpenClaw
/install tcb-sandbox
Description
Operate remote TRW workspaces via @tcb-sandbox/cli (HTTP/MCP client). The TRW npm package is not published publicly; the CLI embeds a production TRW build (`...
Safe usage recommendations
This skill is largely coherent for managing remote TRW workspaces, but review a few things before installing:
- Confirm the npm package source and trustworthiness of @tcb-sandbox/cli (check the package registry owner, published tarball contents, and homepage). If the package is private or from an unknown publisher, prefer to vet it first or run the CLI locally.
- Avoid supplying broad credentials in TCB_SANDBOX_HEADERS_JSON unless you trust the endpoint; that env var is referenced in the docs but not declared in metadata.
- Be aware the SKILL.md instructs the agent to log a high-risk notice and then proceed with destructive/PTY/bash actions without an interactive confirmation. If you plan to allow autonomous agent invocation, this means the agent could execute potentially destructive commands once it has the session id. Consider requiring explicit user confirmation in your workflow or disallowing autonomous runs for this skill.
- Ask the skill author (or inspect the CLI package) to resolve the minor inconsistencies (pnpm vs npm in bootstrap instructions) and to declare any optional environment variables (like TCB_SANDBOX_HEADERS_JSON) in metadata.

If you cannot verify the package or do not want remote destructive operations to run without an explicit human confirmation, do not install or do not grant the session credentials to the skill.
Functional analysis
Type: OpenClaw Skill
Name: tcb-sandbox
Version: 0.3.11

The skill provides a comprehensive interface for managing remote 'TRW' workspaces using the @tcb-sandbox/cli tool. It includes high-risk capabilities such as arbitrary shell execution (bash), pseudo-terminal management (pty-service), secret storage manipulation (secrets-store), and file system access (read/write/upload). While these capabilities are aligned with the stated purpose of workspace management and the instructions in SKILL.md include safety rules and redaction guidelines, the broad access to remote environments and the instruction to execute high-risk actions without interactive confirmation meet the threshold for a suspicious classification under the provided criteria.
Capability assessment
Purpose & Capability
Name/description align with requirements: the skill manages TRW workspaces, declares the tcb-sandbox binary and session/endpoint env vars, and provides an npm install for @tcb-sandbox/cli which produces the expected binary. Requiring a session id and endpoint is proportionate for remote workspace operations.
Instruction Scope
SKILL.md mostly confines actions to the remote TRW workspace and explicitly forbids reading arbitrary local credentials. However, it (a) references an optional TCB_SANDBOX_HEADERS_JSON environment variable not declared in requires.env, and (b) instructs the agent to proceed with high-risk destructive or PTY/bash operations after logging a notice without requiring an additional interactive confirmation, which enables autonomous destructive actions if the agent is invoked automatically.
Install Mechanism
Install uses a published npm package (@tcb-sandbox/[email protected]) which maps to the required binary — a reasonable mechanism. Minor mismatch: SKILL.md bootstrap suggests pnpm add -g while the install metadata lists a node/npm package; this is plausibly benign but inconsistent and worth confirming. No direct download URLs or archive extraction were present.
Credentials
Declared required env vars (TCB_SANDBOX_ENDPOINT, TCB_SANDBOX_SESSION_ID) are appropriate. But SKILL.md permits an extra TCB_SANDBOX_HEADERS_JSON for gateway headers (not declared in metadata) which could carry additional sensitive tokens/headers; that undocumented optional variable increases risk if populated. Using TCB_SANDBOX_SESSION_ID as the primary credential is reasonable.
Persistence & Privilege
The skill does not request always:true, has no system config paths, and does not claim to modify other skills or global agent settings. It does allow autonomous invocation (platform default), which combined with the instruction to proceed after high-risk notices increases operational risk but is not a metadata privilege escalation by itself.
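How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install tcb-sandbox
  3. Once installation completes, call the Skill by name or trigger it with /tcb-sandbox
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v0.3.11
Upgrade the bundled CLI to 0.3.9; remove the outdated ERWA description; update the referenced install version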
v0.3.10
Sync with CLI improvements; pin @tcb-sandbox/[email protected]; update SDK integration.
v0.3.5
Pin [email protected] (TS 6 / vitest bump alignment).
v0.3.4
Document bash background process limitation; recommend PTY/tmux as reliable alternatives for long-running services.
v0.3.2
Add mcporter_cli tool playbooks; pin [email protected]; sync bash timeout default.
v0.3.1
Skill release: install pin [email protected]; MCP/mcporter playbooks; align with CLI release docs.
v0.2.3
tcb-sandbox v0.2.3
- Clarified PTY operation support: now explicitly includes read-output and resize actions.
- Minor edits and expansions to documentation for improved accuracy and completeness in SKILL.md.
- No changes to code or runtime behavior.
v0.2.2
Fix install metadata to use explicit CLI version [email protected] (no @latest).
v0.2.1
Align with latest tcb-sandbox-cli release and capability-first PTY workflow updates.
v0.1.10
- Safety confirmation for high-risk operations has been changed: now emits a high-risk action notice instead of requiring explicit user approval.
- The confirmation template section was updated to a "notice" template, and instructions to require/await user confirmation were removed.
- Instruction for destructive actions in Safety Rules now directs to log a high-risk notice and execute directly.
- No changes to CLI, commands, or general usage flows.
v0.1.9
- Updated CLI installation instructions: now recommends installing [email protected] via pnpm.
- Top-level tools are now preferred for secrets management (use `secrets set/get/list/delete`).
- Added PTY process management support (create/send_input/kill) as first-class operations.
- Updated high-risk operation confirmation template to include PTY lifecycle actions.
- Adjusted capability-first flow, introducing `capability_register` and clarifying execution routes.
- Refined examples and standard execution flow, emphasizing top-level HTTP tools for secrets, files, preview, and PTY operations.
v0.1.8
tcb-sandbox v0.1.8
- Updated installation instructions to require [email protected] (was latest).
- Adjusted metadata to reflect explicit CLI version and updated required environment variables.
- Added a note allowing TCB_SANDBOX_HEADERS_JSON as an optional extra header when required.
- Clarified bootstrap and setup steps for CLI installation and environment configuration.
v0.1.7
tcb-sandbox 0.1.7
- Added TCB_SANDBOX_HEADERS_JSON to required environment variables.
- Updated safety rules to prefer capability-based secret management via secrets-store.
- Updated execution flow to prefer capability management tools (capability_list, capability_invoke) for installing/using abilities.
- Expanded documentation with new playbooks for capability management and secrets via capability tools.
- Clarified that git archive via capability_invoke (git-archive) is the preferred workflow, with git_push as legacy support.
v0.1.6
tcb-sandbox 0.1.6
- Added Apache-2.0 license declaration to SKILL.md.
- Updated CLI installation instructions to use tcb-sandbox-cli@latest instead of a fixed version.
- Adjusted install metadata to reference the latest version of tcb-sandbox-cli.
- No functional changes to runtime behavior or commands.
v0.1.5
tcb-sandbox v0.1.5
- Updated to use and recommend [email protected] (was @0.1.0) for installation and runtime.
- SKILL.md clarified that `bash` mode is `execute` by default and documents how to use `mode=dry_run` for risk summaries and simulation.
- Minor skill naming and formatting improvements for consistency.
- No changes to functionality or core usage patterns.
v0.1.4
License update: switch skill package license to Apache-2.0 for enterprise alignment.
v0.1.3
Risk hardening: pin CLI install to [email protected] and add explicit high-risk confirmation template for bash and secrets operations.
v0.1.2
Security hardening: add SKILL frontmatter metadata for required env/binary and installer hints, restrict credential scope, and replace secret examples with explicit user-approved placeholders.
v0.1.1
Improve operator guidance with top use cases and lifecycle-aware troubleshooting for freeze/wake and TTL rotation scenarios.
v0.1.0
Initial release: session-affine TRW sandbox operation via tcb-sandbox-cli with safety-first workflows.
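Metadata
Slug tcb-sandbox
Version 0.3.11
License MIT-0
Total installs 0
Current installs 0
Historical versions 20
FAQ

What is Tcb Sandbox?

Operate remote TRW workspaces via @tcb-sandbox/cli (HTTP/MCP client). The TRW npm package is not published publicly; the CLI embeds a production TRW build (`... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 441 total downloads to date.

How do I install Tcb Sandbox?

Run the command "/install tcb-sandbox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Tcb Sandbox free?

Yes. Tcb Sandbox is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Tcb Sandbox support?

Tcb Sandbox runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Tcb Sandbox?

It is developed and maintained by RealAlexandreAI (@realalexandreai); the current version is v0.3.11.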
