Code Sandbox
Author: yuyonghao-123 · v0.1.0 · MIT-0
Total downloads: 141
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install yuyonghao-code-sandbox
Description
Secure sandbox for executing Node.js, Python, Go, and Rust code with timeout, CPU, and isolated temporary directory constraints.
Security usage recommendations
This package is a prototype sandbox that runs user code by writing files and executing them via shell commands. Don't run untrusted code with it on any machine that holds secrets — the code intentionally (and by default) passes the host environment to child processes and has no network or filesystem isolation or enforced memory limits. If you consider installing or using it:
- Do not enable autonomous invocation for agents that have this skill without strict controls.
- Audit and remove exposure of sensitive environment variables before running (or run the sandbox with a deliberately empty env for child processes). Specifically, change child process env to a minimal whitelist (not ...process.env).
- Prefer running in a container/VM (Docker or isolated VM) with network disabled and resource quotas if you need to execute untrusted code.
- Review and harden executeWithTimeout behavior (exec spawns a shell; killing it may not kill grandchildren). Consider spawn with no shell, or use container runtime and process supervision.
- Because the SKILL.md itself warns this is not suitable for untrusted code, treat the project as experimental. If you cannot accept the risk of environment leakage or arbitrary process execution, do not install or run this skill on sensitive hosts.
Functional analysis
Type: OpenClaw Skill
Name: yuyonghao-code-sandbox
Version: 0.1.0
The skill implements a 'Code Sandbox' that lacks meaningful isolation, executing code directly on the host via child_process.exec in src/sandbox.js. A critical security flaw exists where the NodeExecutor explicitly passes the parent process's environment variables (process.env) to the executed code, exposing sensitive API keys and secrets to the 'sandbox' environment. While SKILL.md includes safety warnings and a roadmap for Docker integration, the current implementation provides a false sense of security and functions as a high-risk Remote Code Execution (RCE) wrapper.
Capability assessment
Purpose & Capability
The skill advertises a 'secure sandbox' for multi-language execution, but the code shows process-level execution via shell commands (child_process.exec) rather than hardened isolation. The SKILL.md and TESTING.md emphasize security features, yet the implementation explicitly lists many missing protections (no Docker, no network isolation, no enforced memory limits). The claimed purpose (secure sandbox) is not matched by the current capabilities.
Instruction Scope
SKILL.md instructs installing and running the package locally (npm install, npm run demo). The runtime instructions and code write user-provided code to temporary directories and execute it with shell commands. There are no steps to strip or sanitize environment variables nor to restrict network/filesystem access. The documentation even warns 'NOT suitable for running untrusted code', which contradicts the top-level claim of a 'secure sandbox'.
Install Mechanism
There is no remote download/install spec in the registry metadata; installation is standard npm (package.json). package.json has no declared dependencies, so install risk is low. The skill is not pulling arbitrary archives or remote binaries.
Credentials
The skill declares no required environment variables, but the implementation passes the entire process.env into Node child processes (env: { ...process.env, NODE_ENV: 'sandbox' }) and other languages inherit the parent's env by default. This means any secrets in the agent/host environment (API keys, cloud creds, tokens) would be available to executed code — disproportionate to a safe sandbox and a serious confidentiality risk.
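The environment allowlist and no-shell execution recommended in the usage advice above, applied to the `{ ...process.env }` exposure described here, as an added example (not code from the skill). `ENV_ALLOWLIST`, `buildChildEnv`, `runNoShell` and `demoEnvLeak` are hypothetical names, and `FAKE_API_KEY` is a constructed value.

```javascript
// Added example; not code from yuyonghao-code-sandbox. All names are hypothetical.
const { spawnSync } = require('node:child_process');

// Assumed allowlist: enough for an interpreter to start, nothing credential-bearing.
const ENV_ALLOWLIST = ['PATH', 'LANG', 'TMPDIR'];

// Build the child environment from an allowlist instead of { ...process.env }.
function buildChildEnv(parentEnv, allowlist = ENV_ALLOWLIST) {
  const env = {};
  for (const name of allowlist) {
    if (typeof parentEnv[name] === 'string') env[name] = parentEnv[name];
  }
  env.NODE_ENV = 'sandbox'; // the marker the page shows the skill setting
  return env;
}

// Run one binary directly: no shell, allowlisted env, hard timeout.
function runNoShell(file, args, { cwd, timeoutMs = 5000, parentEnv = process.env } = {}) {
  const r = spawnSync(file, args, {
    shell: false,            // argv goes to the binary, never through /bin/sh
    env: buildChildEnv(parentEnv),
    cwd,                     // e.g. the per-run temporary directory
    timeout: timeoutMs,
    killSignal: 'SIGKILL',   // cannot be caught or ignored by the child
    maxBuffer: 1024 * 1024,  // cap captured output at 1 MiB
    encoding: 'utf8',
    stdio: ['ignore', 'pipe', 'pipe'],
  });
  return {
    status: r.status,
    signal: r.signal,
    timedOut: Boolean(r.error && r.error.code === 'ETIMEDOUT'),
    stdout: r.stdout || '',
    stderr: r.stderr || '',
  };
}

// Constructed check: a fake secret in the parent env must not reach the child.
function demoEnvLeak() {
  const parentEnv = { ...process.env, FAKE_API_KEY: 'constructed-secret-123' };
  const dump = 'process.stdout.write(JSON.stringify(process.env))';
  const r = runNoShell(process.execPath, ['-e', dump], { parentEnv });
  return JSON.parse(r.stdout);
}
```

This covers only the environment, the shell and the timeout of the direct child. Processes the executed code itself spawns, network access and filesystem access still need the container or VM isolation the recommendations call for.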
Persistence & Privilege
The skill does not request persistent privileges (always: false), does not declare required config paths or credentials, and does not modify other skills. It keeps execution history in-memory only. No excessive persistence or elevated platform privileges are requested.
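How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install yuyonghao-code-sandbox
- Once installation completes, invoke the Skill by name or trigger it with /yuyonghao-code-sandbox
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history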
v0.1.0
Initial release: Secure, multi-language code execution sandbox for OpenClaw agents.
- Supports Node.js, Python, Go, and Rust code execution
- Basic process isolation and temporary directory usage for safety
- Customizable timeouts, memory limits, and per-execution configuration
- Tracks execution history with metrics
- Automatic cleanup of temporary files after code runs
- Early-stage: network isolation and Docker support not yet implemented
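FAQ
What is Code Sandbox?
Secure sandbox for executing Node.js, Python, Go, and Rust code with timeout, CPU, and isolated temporary directory constraints. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 141 total downloads so far.
How do I install Code Sandbox?
Run the command "/install yuyonghao-code-sandbox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Code Sandbox free?
Yes. Code Sandbox is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Code Sandbox support?
Code Sandbox is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Code Sandbox?
It is developed and maintained by yuyonghao-123 (@yuyonghao-123); the current version is v0.1.0.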