← 返回 Skills 市场
Vercel Sandbox
作者
daxiangnaoyang
· GitHub ↗
· v1.0.0
· MIT-0
91
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install vercel-sandbox
功能描述
Run agent-browser + Chrome inside Vercel Sandbox microVMs for browser automation from any Vercel-deployed app. Use when the user needs browser automation in...
安全使用建议
This skill appears to do what it says (run agent-browser inside Vercel sandbox VMs), but the runtime instructions expect Vercel credentials and an optional snapshot ID even though the registry metadata lists no required environment variables. Before installing or using it:
- Confirm the publisher/source and a homepage or repository for the skill and review @vercel/sandbox and agent-browser packages independently.
- Do not supply full-privilege org tokens. If you must provide VERCEL_TOKEN, create a least-privilege service token limited to sandbox creation and to the specific project/team, and rotate it regularly.
- Ask the publisher to declare required env vars (VERCEL_TOKEN, VERCEL_TEAM_ID, VERCEL_PROJECT_ID, AGENT_BROWSER_SNAPSHOT_ID) and to document the exact token scopes needed.
- Review any sandbox snapshot contents before use, and prefer snapshots prepared by a trusted source.
- Be aware screenshots and accessibility snapshots capture page content; avoid sending the skill credentials or secrets for sites you don’t want captured.
If the publisher cannot explain why environment variables are not declared in the metadata or cannot supply a verifiable source, treat the skill with caution or avoid installing it.
功能分析
Type: OpenClaw Skill
Name: vercel-sandbox
Version: 1.0.0
The vercel-sandbox skill bundle provides a legitimate framework for executing browser automation using the agent-browser tool within Vercel Sandbox microVMs. The SKILL.md file contains standard implementation patterns for managing VM lifecycles, installing Chromium dependencies via dnf, and capturing page data. While it handles sensitive Vercel credentials (VERCEL_TOKEN, VERCEL_TEAM_ID), it does so using the official @vercel/sandbox SDK for authentication, and there is no evidence of data exfiltration, malicious persistence, or harmful prompt injection.
能力评估
Purpose & Capability
The skill's stated purpose (run agent-browser + headless Chrome in Vercel Sandboxes) aligns with the code examples in SKILL.md. However, the SKILL.md relies on environment variables (VERCEL_TOKEN, VERCEL_TEAM_ID, VERCEL_PROJECT_ID, AGENT_BROWSER_SNAPSHOT_ID) and on creating/managing Vercel Sandbox instances — yet the registry metadata declares no required environment variables or credentials. That discord (code expecting cloud credentials while the skill declares none) is a proportionality/information mismatch and reduces trust.
Instruction Scope
The runtime instructions tell the agent to run shell commands inside sandboxes (dnf install, npm install -g, npx agent-browser install, base64, etc.), read command stdout and files (screenshot paths), and depend on multiple environment variables. Most of these actions are coherent with browser automation, but the instructions access unspecified environment variables and perform package installs and arbitrary shell commands inside VMs — which increases the attack surface and requires explicit declarations and justification that are missing.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. The SKILL.md recommends adding the @vercel/sandbox package (pnpm add), which is a normal dependency for the described workflow. No remote downloads or extract-from-URL installs are embedded in the skill bundle itself.
Credentials
The SKILL.md reads VERCEL_TOKEN, VERCEL_TEAM_ID, VERCEL_PROJECT_ID, and AGENT_BROWSER_SNAPSHOT_ID — sensitive credentials/config — but the skill metadata lists no required env vars or a primary credential. Requesting Vercel tokens is proportionate to creating sandboxes, but it should be declared in the registry with guidance on minimum scopes. The lack of declared env requirements is inconsistent and could lead users to unknowingly supply broad credentials. Additionally, the skill will capture page contents and screenshots in the sandbox, which could expose sensitive data if misused.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always is false). It instructs creating ephemeral sandbox VMs and stopping them after use. There is no indication it modifies other skills, system-wide agent settings, or requests permanent presence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vercel-sandbox - 安装完成后,直接呼叫该 Skill 的名称或使用
/vercel-sandbox触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of vercel-sandbox for browser automation in Vercel microVMs.
- Enables running agent-browser and Chrome within ephemeral Vercel Sandbox VMs for browser automation in any Vercel-deployed app.
- Supports fast startup using sandbox snapshots, including pre-installed dependencies and browsers.
- Provides persistent browser sessions over multiple commands within the same sandbox instance.
- Includes detailed code examples for screenshots, accessibility snapshots, and multi-step automation.
- Outlines setup, authentication, and integration with Vercel Cron Jobs for scheduled tasks.
元数据
常见问题
Vercel Sandbox 是什么?
Run agent-browser + Chrome inside Vercel Sandbox microVMs for browser automation from any Vercel-deployed app. Use when the user needs browser automation in... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 91 次。
如何安装 Vercel Sandbox?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vercel-sandbox」即可一键安装,无需额外配置。
Vercel Sandbox 是免费的吗?
是的,Vercel Sandbox 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Vercel Sandbox 支持哪些平台?
Vercel Sandbox 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Vercel Sandbox?
由 daxiangnaoyang(@daxiangnaoyang)开发并维护,当前版本 v1.0.0。
推荐 Skills