Codespace Manager
Warn
Audited by ClawScan on May 10, 2026.
Overview
Codespace Manager largely matches its stated purpose, but it can expose a browser IDE to the public internet with a known default password and persistent background services.
Only install this if you are comfortable running Docker containers and Cloudflare tunnels from your machine. Before starting any codespace, set a strong unique password, avoid using it with sensitive repositories unless you trust the exposure model, stop environments when finished, and review the Dockerfile’s remote installers.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a tunnel URL is leaked or shared while the default password is still used, someone else could access the browser IDE and project files inside the codespace.
The start workflow exposes the local code-server through a public Cloudflare tunnel while retaining a fixed default password unless the user changes it.
CODESPACE_PASSWORD="${CODESPACE_PASSWORD:-codespace}" ... nohup cloudflared tunnel --url "http://localhost:$port" ... echo -e " Password: ${YELLOW}$cs_password${NC}"
Require or generate a strong unique password before starting a tunnel, clearly warn before public exposure, and avoid using the default password for any real project.
A malformed or unexpected codespace name could cause files or ownership changes outside the intended ~/codespaces area.
The provided create logic uses the user-supplied codespace name directly in host filesystem paths and ownership changes; the supplied artifact text does not show validation rejecting slashes or ../ path traversal.
local workspace="$CODESPACE_BASE/$name" mkdir -p "$workspace" ... chown -R 1000:1000 "$workspace/project"
Validate codespace names against a safe pattern such as letters, numbers, dashes, and underscores, and resolve/check paths before writing or changing ownership.
A codespace may keep running and remain accessible until explicitly stopped, consuming resources and potentially exposing the IDE.
Starting a codespace creates long-running background services and a container restart policy, which is expected for a remote development environment but persists beyond the immediate command.
docker run -d ... --restart unless-stopped ... nohup cloudflared tunnel --url "http://localhost:$port" > "$tunnel_log" 2>&1 & echo $tunnel_pid > "$workspace/.tunnel.pid"
Use list/status/stop after each session, make persistence explicit to users, and consider disabling automatic restart unless the user asks for it.
Local files under the codespaces directory can contain passwords that grant access to the browser IDE.
The skill stores the default and per-codespace access passwords in local files so it can reuse them later.
echo "$new_pw" > "$CODESPACE_BASE/.default_password" ... "password": "$CODESPACE_PASSWORD"
Protect the codespaces directory, use strong unique passwords, avoid sharing logs/output that include passwords, and consider restricting file permissions (chmod) on per-codespace metadata as well.
The built image depends on the current behavior and integrity of remote installer scripts at build time.
The Docker image build runs remote installer scripts for latest tool versions without pinned hashes or checksums.
RUN curl -fsSL https://bun.sh/install | bash ... RUN curl -LsSf https://astral.sh/uv/install.sh | sh ... RUN curl -fsSL https://opencode.ai/install | bash ...
Pin tool versions, verify checksums or signatures where possible, and review the Dockerfile before running setup.
