procub3r

Unikraft Cloud Sandbox

Author: procub3r · GitHub · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 104
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install unikraft-sandbox
Description
Run agent tasks inside an isolated Unikraft Cloud (UKC) sandbox VM. Use when the agent needs a clean, isolated execution environment — e.g. running untrusted...
Security usage recommendations
This skill appears to implement a real UKC sandbox workflow, but there are important mismatches and operational risks you should consider before installing:
- Manifest vs runtime mismatch: the registry metadata lists no required environment variables or binaries, but the SKILL.md and scripts require UKC_TOKEN, UKC_METRO, UKC_USER, UKC_SANDBOX_IMAGE and host tools (curl, jq, ssh-keygen, ssh, rsync, openssl, node). Treat the SKILL.md as authoritative and ensure these exist.
- Sensitive token risk: UKC_TOKEN is a bearer token able to manage instances. Only provide a minimal-scope, revocable token and understand that the skill will use it to create and delete instances via your UKC_METRO endpoint.
- Private key lifecycle: create-sandbox.sh writes an SSH private key to /tmp/<sandbox-name>/id_ed25519 and delete-sandbox.sh removes that directory only when you run it. If you fail to delete the sandbox, the private key and instance may persist — remember to delete sessions to remove the key and instance.
- Destructive sync: sync-to-sandbox.sh uses rsync --delete; files on the remote /workspace that don't exist locally will be removed. Do not rely on persistent data on the sandbox unless you know the sync behavior.
- Data exposure on sandbox: anything you sync or run in the sandbox (including secrets) will be present on that remote VM while it exists. Avoid syncing credentials or other sensitive data unless you're certain the UKC provider and image are trusted.
- Binaries and dependencies: confirm the host environment has curl, jq, ssh-keygen, ssh, rsync, openssl and node available and that their versions/behaviors are acceptable; the skill does not declare these requirements.
If you still want to use it: provide a minimal-scoped UKC_TOKEN, verify and test create/delete on a disposable account, and ensure you always run the delete-sandbox.sh step to remove keys and instances.
If possible, request the publisher to update the registry metadata to declare the required env vars and required host binaries to remove the manifest incoherence.
Functional analysis
Type: OpenClaw Skill
Name: unikraft-sandbox
Version: 1.1.0
The unikraft-sandbox skill is a legitimate tool for managing isolated Unikraft Cloud (UKC) virtual machines. It provides scripts for provisioning instances (create-sandbox.sh), executing commands via a dedicated Node.js wrapper (exec-sandbox.js), and synchronizing files using rsync over TLS-wrapped SSH (sync-to-sandbox.sh). The skill follows security best practices by generating per-session SSH keys in /tmp and using official UKC API patterns (api.unikraft.io). No evidence of data exfiltration, unauthorized persistence, or malicious prompt injection was found.
Capability assessment
Purpose & Capability
The SKILL.md and bundled scripts clearly require UKC credentials (UKC_TOKEN, UKC_METRO, UKC_USER, UKC_SANDBOX_IMAGE) and perform UKC API calls to create/delete instances; however the registry metadata lists no required environment variables. That metadata omission is an incoherence: the skill legitimately needs the listed UKC env vars, so the manifest is incomplete/misleading.
Instruction Scope
Instructions explicitly create SSH keypairs under /tmp, persist a private key and FQDN there, perform file syncs (rsync) and remote command execution (exec API or SSH), and warn that sync-to-sandbox.sh uses --delete. Those operations are expected for a sandbox but are consequential: files and secrets from the local session will be uploaded to the sandbox (and deletions on the remote can occur on sync), private keys are stored on disk until deletion, and the scripts assume binaries and tools that are not declared. No instructions ask for unrelated host data, but the destructive sync + private key lifecycle and missing binary declarations are notable.
Install Mechanism
This is instruction-only with shipped scripts (no package downloads or external installers). That limits install-time risk. However the scripts rely on host binaries (curl, jq, ssh-keygen, ssh, rsync, openssl, node) that the metadata does not declare; the absence of an install spec is reasonable, but the missing required-binaries declarations are an operational/incoherence issue.
Credentials
The skill requires a bearer token (UKC_TOKEN) and UKC_METRO base URL to create/delete instances — these are necessary for the stated purpose. But the registry claimed no required env vars, so the manifest underdeclares sensitive credentials. Also UKC_TOKEN is powerful (it can list/create/delete instances) — users should ensure the token has minimal privileges and that storing it in environment variables is acceptable. UKC_USER is declared in SKILL.md but not clearly used in scripts; that's another small inconsistency.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config changes, and limits persistent state to /tmp/<sandbox-name> (SSH keys, fqdn). It does create and delete remote cloud instances (expected) but does not modify other skills. The agent's ability to invoke the skill autonomously is the default and not by itself a red flag.
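How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install unikraft-sandbox
  3. After installation, call the Skill by name or trigger it with /unikraft-sandbox
  4. Provide the required inputs according to the Skill's parameter description to get structured output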
Version history
v1.1.0
unikraft-sandbox 1.1.0
- Improved sandbox creation: now checks for existing sandbox names and errors if a name is reused.
- Updated file synchronization details: local → sandbox sync uses a destructive method (`--delete`), warning users that files not present locally will be deleted from the sandbox.
- SSH instructions now use an `openssl s_client` proxy for connections.
- Removed outdated notes about script TODO stubs.
- Clarified and streamlined procedure steps and usage notes.
v1.0.0
Initial release of unikraft-sandbox 1.0.0:
- Runs tasks inside an isolated Unikraft Cloud (UKC) VM sandbox for each session.
- Intended for running untrusted code, testing scripts, or reproducing build issues in isolation.
- Triggers on phrases like "run this in a sandbox" or any request for an isolated environment.
- Requires environment variables: UKC_TOKEN, UKC_METRO, UKC_USER, and UKC_SANDBOX_IMAGE.
- Provides scripts for sandbox lifecycle: create, sync, execute, and delete.
- Handles missing prerequisites and common error scenarios with clear user prompts.
Metadata
Slug unikraft-sandbox
Version 1.1.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 2
FAQ

What is Unikraft Cloud Sandbox?

Run agent tasks inside an isolated Unikraft Cloud (UKC) sandbox VM. Use when the agent needs a clean, isolated execution environment — e.g. running untrusted... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 104 total downloads so far.

How do I install Unikraft Cloud Sandbox?

Run the command "/install unikraft-sandbox" in the OpenClaw or Claude Code dialog box to install it in one step; no additional configuration is required.

Is Unikraft Cloud Sandbox free?

Yes, Unikraft Cloud Sandbox is completely free. It uses the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Unikraft Cloud Sandbox support?

Unikraft Cloud Sandbox runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Unikraft Cloud Sandbox?

It is developed and maintained by procub3r (@procub3r); the current version is v1.1.0.
