ClawHub

tensorlake

v2.3.0

Tensorlake SDK for agent sandboxes and sandbox-native orchestration. Use when the user mentions tensorlake, or asks about Tensorlake APIs/docs/capabilities....

0· 37·0 current·0 all-time
byShanshan Wang@cooleel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included content: the package is an SDK/docs skill describing Sandboxes and Orchestrate. The SKILL.md documents TENSORLAKE_API_KEY and optional provider keys as runtime prerequisites for user code (not as plugin-owned secrets), which is appropriate for an SDK documentation skill.
Instruction Scope
SKILL.md contains only SDK usage docs and template commands (pip/npm installs, tl CLI usage, sandbox Image build snippets, git clone examples). It warns explicitly not to paste API keys into conversations and not to write to host discovery paths. The instructions reference sandbox image builds and sandbox-local operations (expected). There are no instructions that attempt to read unrelated host secrets or exfiltrate data.
Install Mechanism
The skill is instruction-only (no install spec). There is a small script (bump-version.sh) and many reference docs, but nothing that the registry would execute automatically. Example runtime commands in docs (apt-get, git clone, pip install) are templates for user-controlled sandbox images rather than mandatory install steps.
Credentials
The registry metadata declares no required env vars. SKILL.md documents TENSORLAKE_API_KEY and provider keys as runtime prerequisites for user applications, which is expected and proportional for an SDK. No unrelated credentials or unexplained secret requests are present.
Persistence & Privilege
always:false and normal invocation settings. The docs include patterns to add SKILL.md into sandbox images and to copy files into container user paths (e.g., /root/.claude/skills) when building images; the SKILL.md explicitly warns not to write to host discovery paths. This is expected for sandbox-image build templates, but users should take care when following those templates so they don't inadvertently modify host-level agent discovery directories.
Assessment
This skill is primarily documentation and appears coherent with its stated purpose. Before installing or following the example commands: (1) don't paste API keys into chat — use environment variables or a secret manager and follow the SKILL.md guidance for TENSORLAKE_API_KEY and provider keys; (2) review any Image/build commands (apt-get, git clone, pip/npm installs) before running them in your environment; those commands are intended for user-controlled sandbox images, not for modifying your host; (3) avoid copying skill files into host-wide agent discovery directories unless you mean to change agent behavior system-wide; (4) if you plan to deploy or run code from the referenced GitHub repo, verify the repo URL and contents yourself; (5) treat the included CLI examples (tl, npx tl) as templates — they will perform network operations and package installs when you run them, so run them only in controlled environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwbs4s0rhbwzs8mk5jre9cd84vwcw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments