Lybic Sandbox

Review

Audited by ClawScan on May 1, 2026.

Overview

This skill transparently provides broad Lybic cloud-sandbox control, which is purpose-aligned but should be used carefully because it can run code, manage cloud resources, use an API key, and expose sandbox services.

Before installing, make sure you trust the Lybic SDK source, configure a least-privileged API key, and instruct the agent to ask before deleting sandboxes/projects, running arbitrary commands, or exposing ports publicly.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill can run commands inside Lybic sandboxes and create or delete cloud resources, which may affect data in those sandboxes or create usage costs.

Why it was flagged

The skill gives the agent broad remote sandbox-control capabilities, including command execution and resource deletion. This is central to the sandbox-control purpose and is clearly disclosed, but it is still powerful.

Skill content

Execute shell commands and scripts ... Create sandboxes ... List, get details, and delete sandboxes

Recommendation

Use this skill only with clear user intent for high-impact actions such as deleting resources, running arbitrary commands, or creating externally reachable services.

What this means

Anyone or any agent with access to the configured API key may be able to manage Lybic sandboxes and related organization resources.

Why it was flagged

The skill requires an organization-scoped Lybic API key to operate. This is expected for the integration, but the key can authorize cloud resource management.

Skill content

Users need Lybic credentials set via environment variables: `LYBIC_ORG_ID` - Organization ID; `LYBIC_API_KEY` - API key

Recommendation

Use the least-privileged Lybic API key available, avoid hardcoding real keys in code, and rotate the key if it may have been exposed.

What this means

A service or data inside the sandbox could become reachable from the internet if a port mapping is created.

Why it was flagged

The skill can expose services running inside a sandbox through public URLs. This is a documented feature, but it changes the data boundary of the sandbox.

Skill content

HTTP port mapping for web services - Forward sandbox ports to public URLs

Recommendation

Only expose sandbox ports when needed, avoid serving sensitive data, use access controls where available, and delete mappings when finished.

What this means

Installing an unpinned package may pull a newer or unexpected SDK version in the future.

Why it was flagged

The skill depends on an external Python SDK installed from a package source without a pinned version in the provided artifacts. This is normal for an SDK-based integration but is a supply-chain consideration.

Skill content

pip install lybic

Recommendation

Install the SDK from a trusted package index and consider pinning a known-good version in controlled environments.