← 返回 Skills 市场
mrbeandev

Workspace Explorer

作者 mrbeandev · GitHub ↗ · v1.1.5
cross-platform ⚠ suspicious
2101
总下载
4
收藏
7
当前安装
4
版本数
在 OpenClaw 中安装
/install workspace-explorer
功能描述
Securely share your workspace with your owner via a remote VS Code environment. Use when (1) the owner requests to view or inspect your working files, (2) you need to give the owner live access to browse your codebase, (3) the owner wants to install extensions or use IDE features to explore files, or (4) you need a temporary secure tunnel for remote workspace inspection.
安全使用建议
This skill does what it says (creates a public browser VS Code to let someone inspect files), but that capability inherently lets a remote person see or edit anything in the served directory — including secrets. Before using: (1) inspect the GitHub repo yourself (start_workspace.py and any scripts it downloads) and prefer running it in an isolated environment (ephemeral VM or container); (2) only serve a directory that contains no credentials, tokens, SSH keys, or other sensitive files; (3) verify the sources and checksums of downloaded binaries (code-server, cloudflared) or install them from official package channels yourself instead of letting the script fetch them; (4) share the URL/password only over a trusted channel and terminate the session when done; (5) monitor logs/cloudflared.log and remove downloaded binaries when finished. If you cannot audit the remote script or binaries, treat this skill as risky and avoid running it on any machine containing sensitive data.
功能分析
Type: OpenClaw Skill Name: workspace-explorer Version: 1.1.5 This skill is suspicious due to its high-risk capabilities, despite aligning with its stated purpose. It instructs the agent to download and execute external binaries (code-server and cloudflared) from an external GitHub repository (https://github.com/mrbeandev/workspace-explorer.git) as described in SKILL.md, which introduces a significant supply chain risk. Furthermore, it creates a public internet tunnel via Cloudflare to expose the agent's workspace, providing remote interactive access, which is an inherently high-risk operation. While the prompt instructions in SKILL.md and HEARTBEAT.md are aligned with the skill's function (sharing the URL/password, checking status), the underlying actions carry substantial security implications.
能力评估
Purpose & Capability
Name/description (share workspace via code-server + Cloudflare tunnel) match the instructions: clone the repo and run start_workspace.py which starts code-server and a Cloudflare tunnel. No unrelated credentials or unrelated binaries are requested.
Instruction Scope
The SKILL.md tells the agent to run a repo script that will serve an arbitrary filesystem path via code-server and expose a public URL/password. That behavior is exactly the feature, but it gives remote access to everything in the served directory (potentially secrets, tokens, keys). The instructions do not suggest limiting or sanitizing the workspace, nor do they instruct how to safely restrict access.
Install Mechanism
There is no install spec in the skill bundle; the runtime instructions tell the script to 'download binaries on first run' (code-server + cloudflared). Downloading and running binaries from the network at runtime has a high risk surface because those artifacts are not included or checksum-verified in the skill. The repo origin is given, but the agent would still fetch external executables.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, the action of exposing a directory can leak unrelated secrets (environment files, tokens, SSH keys) that live in the workspace — the skill doesn't provide guidance to avoid or scrub those before sharing.
Persistence & Privilege
always:false and no install spec — the skill is not forced into all sessions. The included HEARTBEAT.md describes periodic status checks when installed as a skill, which implies some ongoing agent activity (reminders) but not elevated platform privileges. Periodic checks increase the window in which a tunnel might be left open if not monitored.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install workspace-explorer
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /workspace-explorer 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.5
- Added HEARTBEAT.md to support periodic tunnel activity checks. - Documentation updated to mention new --status flag for checking if the workspace is running. - Added note to wait 15-30 seconds for the public URL to become active after starting the workspace. - Described OpenClaw integration: the agent will remind you if the tunnel is left running too long.
v1.1.2
- Added a note to the usage instructions clarifying that after startup, you should wait 15–30 seconds for the public Cloudflare tunnel URL to become active before use. - No other changes detected.
v1.1.1
- Added homepage field linking to the project repository. - Set the skill as user-invocable. - Updated usage instructions to use {baseDir} variable instead of a static path.
v1.1.0
Initial release of workspace-explorer - Securely share your workspace using a remote VS Code environment tunneled through Cloudflare. - Start code-server and Cloudflare tunnel with a simple Python script; outputs public URL and unique password. - Supports live codebase browsing, extension management, and secure file exploration for the owner. - No firewall configuration needed; workspace access is temporary and ends when the script terminates. - Each session uses a cryptographically secure, unique password and temporary URL for enhanced security.
元数据
Slug workspace-explorer
版本 1.1.5
许可证
累计安装 8
当前安装数 7
历史版本数 4
常见问题

Workspace Explorer 是什么?

Securely share your workspace with your owner via a remote VS Code environment. Use when (1) the owner requests to view or inspect your working files, (2) you need to give the owner live access to browse your codebase, (3) the owner wants to install extensions or use IDE features to explore files, or (4) you need a temporary secure tunnel for remote workspace inspection. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2101 次。

如何安装 Workspace Explorer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install workspace-explorer」即可一键安装,无需额外配置。

Workspace Explorer 是免费的吗?

是的,Workspace Explorer 完全免费(开源免费),可自由下载、安装和使用。

Workspace Explorer 支持哪些平台?

Workspace Explorer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Workspace Explorer?

由 mrbeandev(@mrbeandev)开发并维护,当前版本 v1.1.5。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论