ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Alfred OpenShell Sandbox

v1.0.0

Provides isolated sandboxes using NVIDIA OpenShell for secure code execution, security scans, debugging, and test running with resource and network restricti...

0· 25·0 current·0 all-time
bylJokerl@lllljokerllll

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lllljokerllll/alfred-openshell-sandbox.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Alfred OpenShell Sandbox" (lllljokerllll/alfred-openshell-sandbox) from ClawHub.
Skill page: https://clawhub.ai/lllljokerllll/alfred-openshell-sandbox
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install lllljokerllll/alfred-openshell-sandbox

ClawHub CLI

Package manager switcher

npx clawhub@latest install alfred-openshell-sandbox
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (providing OpenShell sandboxes) matches the SKILL.md content: commands, sandboxes, policies and examples are consistent with that purpose. However, the skill metadata declares no required binaries or install steps even though every runtime example requires an 'openshell' CLI and an OpenShell gateway; that undeclared dependency is an incoherence.
Instruction Scope
The SKILL.md confines actions to managing and running commands inside sandboxes (exec, connect, policy, logs). It does not instruct reading unrelated host files or environment variables. It does show file copy patterns (cat | exec tee) which legitimately transfer host data into sandboxes — this is expected for the stated purpose but means host files can be exposed to sandboxes if used.
Install Mechanism
No install spec is present (instruction-only), which minimizes disk writes or hidden downloads. This is coherent for a skill that simply documents how to use an existing OpenShell installation — but the skill should have declared that the 'openshell' binary and gateway must be present and reachable.
Credentials
The skill requests no environment variables or credentials, which is proportional. However, it implicitly requires agent access to an OpenShell gateway/CLI and network access to targets for scans; those runtime privileges are not declared. Also it references a base image (ghcr.io/nvidia/openshell-community/...) — you should validate that image and the gateway's configuration before trusting sandbox isolation.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or system-wide configuration changes. It does not attempt to modify other skills' configs in the instructions.
What to consider before installing
This is an instruction-only skill that documents how to use an existing NVIDIA OpenShell installation. Before installing or using it: (1) Verify you actually have the 'openshell' CLI and gateway reachable from the agent (the SKILL.md assumes this but the metadata does not declare it). (2) Confirm the OpenShell gateway and base image (ghcr.io/nvidia/openshell-community/...) are from a trusted source and up-to-date, and inspect their manifest/content if possible. (3) Validate sandbox isolation (Landlock/seccomp/L7 policies) in your environment — the skill will run arbitrary commands inside sandboxes and can copy host files into them, so a misconfigured gateway could leak host data. (4) Be cautious about running network scans or pentesting commands (legal/ethical considerations and possible outbound network requirements). (5) If you want this skill to be safer, request the author add explicit required-binaries and environment preconditions (openshell CLI presence, gateway URL/credentials if needed) and include provenance/homepage/source information.

Like a lobster shell, security has layers — review code before you run it.

isolationvk97cypff1nr2c04n5yacxagsyh85c9f3latestvk97cypff1nr2c04n5yacxagsyh85c9f3nvidiavk97cypff1nr2c04n5yacxagsyh85c9f3openshellvk97cypff1nr2c04n5yacxagsyh85c9f3sandboxvk97cypff1nr2c04n5yacxagsyh85c9f3securityvk97cypff1nr2c04n5yacxagsyh85c9f3
25downloads
0stars
1versions
Updated 16h ago
v1.0.0
MIT-0
lJokerl@lllljokerllll
isolationlatestnvidiaopenshellsandboxsecurity
Download

OpenShell Sandbox Skill

Secure execution environment for specialist agents using NVIDIA OpenShell.

Overview

OpenShell provides sandboxed containers with Landlock LSM + seccomp + network namespaces + L7 policy engine. Each specialist agent gets an isolated sandbox for safe code execution.

Sandboxes Available

SandboxAgentPurposeStatus
coder-sandboxcoderCode execution, builds, testsReady
security-sandboxsecurityPentesting, security scansReady
debug-sandboxdebugBug reproduction, diagnosisReady
test-sandboxqa-testerTest executionReady

CLI Reference

# List all sandboxes
openshell sandbox list

# Execute command in sandbox
openshell sandbox exec -n <sandbox-name> -- <command> [args...]

# Interactive shell
openshell sandbox connect -n <sandbox-name>

# Create new sandbox
openshell sandbox create --name <name>

# Delete sandbox
openshell sandbox delete <name>

# View logs
openshell logs -n <sandbox-name>

# Gateway status
openshell status

# Diagnose issues
openshell doctor check

Agent Integration

For Coder Agent

When executing code that could affect the host system:

# Instead of running locally:
python3 script.py

# Run in sandbox:
openshell sandbox exec -n coder-sandbox -- python3 /workspace/script.py

For Security Agent

When running security tools or scans:

# Run nmap, nikto, etc. in isolated sandbox
openshell sandbox exec -n security-sandbox -- nmap -sV target

For Debug Agent

When reproducing bugs or testing fixes:

openshell sandbox exec -n debug-sandbox -- node test.js

For QA-Tester

When running test suites:

openshell sandbox exec -n test-sandbox -- pytest tests/

File Transfer

To copy files between host and sandbox:

# Copy file INTO sandbox (via exec cat)
cat local_file.py | openshell sandbox exec -n coder-sandbox -- tee /workspace/local_file.py

# Copy file FROM sandbox
openshell sandbox exec -n coder-sandbox -- cat /workspace/result.txt > local_result.txt

Policies

Default policies apply L7 network restrictions. To view/modify:

openshell policy list

Resource Limits

  • CPU: Shared with host (24GB RAM server)
  • Network: Restricted by L7 policy (no outbound by default)
  • Disk: Ephemeral (deleted with sandbox)
  • Timeout: 30 min default per exec command

Troubleshooting

  • Sandbox not found: Run openshell sandbox list to check status
  • Gateway down: Run openshell status and openshell doctor check
  • Permission denied: Sandboxes run as unprivileged user
  • Network blocked: Default policy denies outbound; use openshell policy to modify

Architecture

Host (Ubuntu ARM64)
  └── OpenShell Gateway (Docker + k3s)
       ├── coder-sandbox (aarch64, Python 3.13, Node 22)
       ├── security-sandbox (aarch64)
       ├── debug-sandbox (aarch64)
       └── test-sandbox (aarch64)

Version

  • OpenShell CLI: 0.0.35
  • Base image: ghcr.io/nvidia/openshell-community/sandboxes/base:latest
  • Platform: aarch64 (ARM64)

Comments

Loading comments...