PaperPod
Pass. Audited by ClawScan on May 10, 2026.
Overview
PaperPod appears to be a disclosed remote sandbox service, but installing it lets your agent use a PaperPod account token to run code, expose web previews, and store data in that service.
Use PaperPod only if you want your agent to access an external paid sandbox runtime. Protect the PaperPod token, avoid sending sensitive files or secrets unless necessary, monitor billing and running processes, and clean up persistent memory and exposed services after each task.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could run arbitrary commands in PaperPod, keep processes running, or publish a sandbox service at a public URL if the user directs or permits that workflow.
The skill intentionally gives the agent broad remote execution and service-exposure primitives. This matches the advertised sandbox runtime purpose, but it is powerful and can have user-visible effects.
`ppod exec <cmd>` | Run shell command; `ppod start <cmd>` | Start background process; `ppod expose <port>` | Get public URL
Install only if you want a broad remote execution environment; monitor running processes, exposed ports, and PaperPod credit usage.
Anyone with the token could use the associated PaperPod account until the token expires or is revoked.
PaperPod uses a session token to authorize access to the user's PaperPod account. This is expected for the service, but it is a real account credential despite the registry listing no primary credential.
`ppod login pp_sess_...`; `export PAPERPOD_TOKEN=pp_sess_...`; `Authorization: Bearer pp_sess_...`; Tokens expire in **15 days**.
Treat the PaperPod token like a password, avoid pasting it into untrusted contexts, and rotate it if exposed.
Installing the CLI runs software from outside this skill package on the user's machine.
The skill relies on an unpinned global npm CLI that is not included in the reviewed artifacts. This setup is user-directed and purpose-aligned, but the package code was not available for review here.
`npm install -g @paperpod/cli`
Install the CLI only from the expected npm package, consider pinning versions, and review the package provenance if using it in sensitive environments.
Data or task state written to PaperPod memory may remain available to later PaperPod sessions.
The service provides persistent remote memory with write/read/list/delete operations. This is disclosed, but stored data can outlive an individual sandbox session.
Persistent storage that survives sandbox resets (10MB per user).
Do not store secrets or sensitive data in PaperPod memory unless necessary, and use the delete/list commands to clean up.
A forgotten process or browser session could keep consuming compute or leave a preview service available longer than intended.
The skill supports background processes and reusable browser sessions. These are disclosed and include stop/list controls, but they can continue beyond the immediate command if not managed.
`ppod start <cmd>` | Start background process; `ppod kill <id>` | Stop process; `ppod browser:acquire` | Acquire reusable session
Regularly check `ppod ps`, browser sessions, exposed ports, and account balance; stop or delete resources after use.
