Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tcb Sandbox

v0.3.11

Operate remote TRW workspaces via @tcb-sandbox/cli (HTTP/MCP client). The TRW npm package is not published publicly; the CLI embeds a production TRW build (`...

0 · 362 · 0 current · 0 all-time
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description align with the declared requirements: the skill manages TRW workspaces, declares the tcb-sandbox binary and the session/endpoint environment variables, and provides an npm install for @tcb-sandbox/cli, which produces the expected binary. Requiring a session id and an endpoint is proportionate for remote workspace operations.
Instruction Scope (flagged)
SKILL.md mostly confines actions to the remote TRW workspace and explicitly forbids reading arbitrary local credentials. However, it (a) references an optional TCB_SANDBOX_HEADERS_JSON environment variable that is not declared in requires.env, and (b) instructs the agent to proceed with high-risk destructive or PTY/bash operations after logging a notice, without requiring an additional interactive confirmation; this enables autonomous destructive actions if the agent is invoked automatically.
Install Mechanism
The install uses a published npm package (@tcb-sandbox/cli@0.3.9) that maps to the required binary, which is a reasonable mechanism. Minor mismatch: the SKILL.md bootstrap suggests pnpm add -g while the install metadata lists a node/npm package; this is plausibly benign but inconsistent and worth confirming. No direct download URLs or archive extraction were present.
Credentials (flagged)
The declared required env vars (TCB_SANDBOX_ENDPOINT, TCB_SANDBOX_SESSION_ID) are appropriate. However, SKILL.md permits an extra TCB_SANDBOX_HEADERS_JSON for gateway headers that is not declared in the metadata; it could carry additional sensitive tokens or headers, so this undocumented optional variable increases risk if populated. Using TCB_SANDBOX_SESSION_ID as the primary credential is reasonable.
Persistence & Privilege
The skill does not request always:true, has no system config paths, and does not claim to modify other skills or global agent settings. It does allow autonomous invocation (the platform default), which, combined with the instruction to proceed after high-risk notices, increases operational risk but is not a metadata privilege escalation by itself.
What to consider before installing
This skill is largely coherent for managing remote TRW workspaces, but review a few things before installing:

- Confirm the npm package source and trustworthiness of @tcb-sandbox/cli (check the package registry owner, published tarball contents, and homepage). If the package is private or from an unknown publisher, prefer to vet it first or run the CLI locally.
- Avoid supplying broad credentials in TCB_SANDBOX_HEADERS_JSON unless you trust the endpoint; that env var is referenced in the docs but not declared in metadata.
- Be aware that SKILL.md instructs the agent to log a high-risk notice and then proceed with destructive/PTY/bash actions without an interactive confirmation. If you plan to allow autonomous agent invocation, this means the agent could execute potentially destructive commands once it has the session id; consider requiring explicit user confirmation in your workflow or disallowing autonomous runs for this skill.
- Ask the skill author (or inspect the CLI package) to resolve the minor inconsistencies: pnpm vs npm in the bootstrap instructions, and declaring any optional environment variables (like TCB_SANDBOX_HEADERS_JSON) in metadata.

If you cannot verify the package, or do not want remote destructive operations to run without an explicit human confirmation, do not install the skill or do not grant it the session credentials.


latest: vk972yxjzkv691kdk73qjssv745841e6m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Bins: tcb-sandbox
Env: TCB_SANDBOX_ENDPOINT, TCB_SANDBOX_SESSION_ID
Primary env: TCB_SANDBOX_SESSION_ID

Install

Install @tcb-sandbox/cli@0.3.9 (npm)
Bins: tcb-sandbox
npm i -g @tcb-sandbox/cli@0.3.9
