Docker Sandbox Lucas
v1.0.1
Create and manage Docker sandboxed VM environments for safe agent execution. Use when running untrusted code, exploring packages, or isolating agent workloads. Supports Claude, Codex, Copilot, Gemini, and Kiro agents with network proxy controls.
⭐ 0· 1k·6 current·6 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (create/manage Docker sandboxes) match the runtime instructions: the skill requires the docker binary and uses 'docker sandbox' commands. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
The SKILL.md explicitly describes mounting host workspaces into sandboxes (virtiofs) and states that sandboxes include a Docker socket at /run/docker.sock (Docker-in-Docker capable). Both are normal for some sandbox workflows, but they directly weaken isolation: mounting arbitrary host paths grants the sandbox access to host files, and exposing docker.sock enables container escape and host control. These behaviors conflict with the 'safe' framing and should be treated as dangerous unless carefully constrained (strict allowlists, no mounting of sensitive paths, and no forwarding of the host Docker socket). The instructions also advise setting network proxies and allow/block lists — appropriate, but network controls alone do not mitigate the docker.sock or mount risks.
Install Mechanism
Instruction-only skill; no install steps or external downloads. This minimizes on-disk risk because nothing is added by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md suggests setting environment variables inside the sandbox (HTTP_PROXY, etc.), which is reasonable and proportional. There is no unexplained request for unrelated secrets.
Persistence & Privilege
always:false and no install are appropriate. However, the operational model (creating sandboxes that mount host paths and may forward /run/docker.sock) effectively grants created sandboxes high privileges over the host while they exist. The skill itself does not request persistent platform privileges, but following its instructions can produce high-impact privileges on the host.
What to consider before installing
This skill appears to implement Docker-based sandboxes as advertised, but you should treat its 'safe' claims cautiously. Before using:
1) Confirm you trust Docker Desktop's sandbox implementation and the version requirement.
2) Avoid forwarding the host Docker socket into sandboxes unless you understand the implications — access to /run/docker.sock lets processes control the host Docker daemon and break containment.
3) Be careful which host directories you mount; do not mount sensitive paths (home/.ssh, credentials, system dirs).
4) When testing untrusted code, prefer deny-by-default network policy with explicit allowlists and avoid allowing access to internal services.
5) If you need stronger guarantees, run untrusted workloads in an isolated VM/instance that does not expose the host docker daemon or host filesystem.
6) Because this is instruction-only and has no source/homepage, consider testing the workflow in a disposable environment first and verify behavior (what files are visible inside the sandbox, whether docker.sock is actually present) before using with real secrets or valuable host resources.
Like a lobster shell, security has layers — review code before you run it.
latestvk978ytk27x6tyb43jprnct9kwx80zazb
Runtime requirements
🐳 Clawdis
OS: Linux · macOS · Windows
Bins: docker
