Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cloudsway ScaleBox Sandbox

v1.0.5

Create and manage isolated cloud sandboxes for secure, remote code execution, browser automation, and temporary development environments via CLI, API, or Pyt...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gloriathepenguin/cloudsway-scalebox-sandbox.

Install the skill "Cloudsway ScaleBox Sandbox" (gloriathepenguin/cloudsway-scalebox-sandbox) from ClawHub.
Skill page: https://clawhub.ai/gloriathepenguin/cloudsway-scalebox-sandbox
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cloudsway-scalebox-sandbox

ClawHub CLI


npx clawhub@latest install cloudsway-scalebox-sandbox

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability

SKILL.md describes creating/managing cloud sandboxes and shows API/CLI/SDK usage. The operations it instructs (create sandboxes, open ports, upload/download files, exec commands) align with that purpose.

Instruction Scope

Runtime instructions are scoped to ScaleBox operations (curl to api.scalebox.dev, scalebox-cli commands, file uploads, command exec inside sandboxes). They do not instruct reading arbitrary local files or unrelated credentials. The README explicitly tells the user to obtain and set SCALEBOX_API_KEY and to install the official CLI.

Install Mechanism

This is an instruction-only skill (no install spec, no code files) which lowers risk of hidden code. The SKILL.md directs users to download/verify an official CLI; that is reasonable. Note: skill.json lists runtime commands including 'scalebox-cli' and 'curl' which implies those binaries must exist — but the registry metadata above reported 'Required binaries: none' creating an inconsistency to resolve.

Credentials

The skill requires a single ScaleBox API key (SCALEBOX_API_KEY) which is appropriate for the described tasks. However, the top-level registry metadata you were shown lists no required env vars while skill.json marks SCALEBOX_API_KEY as required—this mismatch should be clarified. Ensure any provided API key has minimal scope and short TTL if possible.

Persistence & Privilege

The skill does not request 'always: true' or any system config paths, and is instruction-only so it does not install persistent binaries. It does require network access (calls to api.scalebox.dev) which is expected for a cloud sandbox controller.

What to consider before installing

Before installing or enabling this skill:

  • Confirm the skill's provenance: there is no homepage/source repo listed. Prefer skills with a known vendor or repository.
  • Verify the declared requirements: skill.json and SKILL.md expect SCALEBOX_API_KEY and availability of 'scalebox-cli' and 'curl', but the registry summary above showed none — clarify which is authoritative.
  • Limit risk of credential misuse: only provide a scoped ScaleBox API key (least privilege) and consider using a short-lived key that can be rotated.
  • Verify CLI download integrity: follow the SKILL.md advice to fetch the official CLI from https://www.scalebox.dev and verify checksums if available.
  • Understand the capabilities: this skill can upload files and execute commands in remote sandboxes — a compromised or misconfigured ScaleBox API key could let an attacker run code on your cloud account or exfiltrate data to sandbox endpoints. Monitor sandbox creation/activity and revoke keys if suspicious.
  • If you need higher assurance, ask the publisher for a source repo, release signatures, and a privacy/security statement. If you cannot validate the source, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Tags: cloud, cloudsway, code-execution, latest, sandbox
117 downloads
0 stars
6 versions
Updated 1mo ago
v1.0.5
MIT-0

ScaleBox Sandbox Skill

Create and manage isolated cloud sandboxes for secure code execution.

When to Use

  • Running untrusted code in an isolated environment
  • Browser automation (browser-use, computer-use templates)
  • Testing scripts that may have side effects
  • Remote code execution without local resource impact
  • Creating temporary development environments

Prerequisites

1. Get API Key

Register at ScaleBox Dashboard to get your API key.

Set environment variable:

export SCALEBOX_API_KEY="your-api-key-here"

2. Install CLI

Download the official CLI from ScaleBox Documentation:

# Visit official docs for platform-specific downloads
# https://www.scalebox.dev/docs/en/cli/installation

# After installation, authenticate:
scalebox-cli auth login --api-key "$SCALEBOX_API_KEY" --server-url https://api.scalebox.dev

Security Note: Always download CLI from official sources. Verify checksums when available.

3. Server URL

https://api.scalebox.dev

Port Access URL Format

Important: ScaleBox uses port prefixes, not port suffixes.

Method 1: Specify ports at creation time (Recommended)

Use API to specify custom_ports when creating the sandbox:

curl -X POST "https://api.scalebox.dev/v1/sandboxes" \
  -H "X-API-Key: $SCALEBOX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "template": "base",
    "name": "my-sandbox",
    "timeout": 3600,
    "custom_ports": [
      {"port": 8080, "name": "web-server", "protocol": "TCP"}
    ]
  }'

Method 2: Add port to running sandbox

If you need to add a port after creation:

# CLI
scalebox-cli sandbox port add <sandbox-id> --port 8080 --name web-server --protocol TCP

# API
curl -X POST "https://api.scalebox.dev/v1/sandboxes/{sandbox_id}/ports" \
  -H "X-API-Key: $SCALEBOX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"port": 8080, "name": "web-server", "protocol": "TCP"}'

Access URL Format

Format: https://{port}-{sandbox_domain}/path

Example:

  • Sandbox domain: sbx-abc123.k27xn5o3lnw5dan3x.scalebox.dev
  • Port: 8080
  • Correct URL: https://8080-sbx-abc123.k27xn5o3lnw5dan3x.scalebox.dev/
  • Wrong: https://sbx-abc123.k27xn5o3lnw5dan3x.scalebox.dev:8080/

Available Templates

Template | CPU | Memory | Use Case
base | 2 | 512MB | Basic sandbox
code-interpreter | 2 | 1GB | Jupyter environment
browser-use | 2 | 2GB | Browser automation (VNC)
browser-use-headless | 4 | 4GB | Browser automation (headless)
desktop | 8 | 8GB | Desktop environment (VNC)
computer-use-preview | 2 | 2GB | Google Computer Use

Three Ways to Use ScaleBox

Method | Best For | Notes
CLI | File operations, command execution | Most powerful, cross-platform
REST API | Lifecycle management | Auth via X-API-Key header
Python SDK | Programmatic access | pip install scalebox-sdk

Method 1: CLI Commands

1.1 Sandbox Lifecycle

# Create sandbox
scalebox-cli sandbox create --template <name> --name <name> --timeout <seconds>

# List sandboxes
scalebox-cli sandbox list

# Get sandbox details
scalebox-cli sandbox get <sandbox-id>

# Pause sandbox (preserves state)
scalebox-cli sandbox pause <sandbox-id>

# Resume paused sandbox
scalebox-cli sandbox resume <sandbox-id>

# Terminate sandbox immediately
scalebox-cli sandbox terminate <sandbox-id>

# Delete sandbox and resources
scalebox-cli sandbox delete <sandbox-id>

Create parameters:

  • --template: Template name or ID (default: base)
  • --name: Sandbox name (optional, auto-generated)
  • --timeout: Timeout in seconds (default: 300)
  • --cpu: CPU count (minimum: 2)
  • --memory: Memory in MB
  • --storage: Storage in GB
  • --async: Fire-and-forget mode - returns immediately, sandbox may still be starting. You must poll status yourself.
  • --auto-pause: Pause on timeout instead of terminate

Important: async vs sync:

  • Sync mode (default, no --async): Waits for sandbox to be fully running before returning. The returned sandbox is ready to use.
  • Async mode (--async): Returns immediately after creating the request. The sandbox may still be starting. You must poll sandbox get <id> until status: running before using it.

# Sync mode (recommended) - sandbox is ready when command returns
scalebox-cli sandbox create --template base --timeout 600
# Output includes sandbox ID, ready to use

# Async mode - need to wait
scalebox-cli sandbox create --template base --timeout 600 --async
# Returns immediately, sandbox may still be starting
# Must poll: scalebox-cli sandbox get <id> until status is "running"
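
One way to handle the async case described above, as an added example (not ScaleBox's or the skill author's code): poll until the sandbox reports running, and delete it if it never does, so a half-started sandbox is not left behind. It assumes `sandbox get` prints a line containing "status: <value>" and `sandbox create` prints "Sandbox ID: <id>" as in the Typical Workflow; SCALEBOX_CLI, sandbox_status, wait_for_running and create_and_wait are names introduced here.

```shell
#!/bin/sh
# Added example, not part of the skill. Assumptions: `sandbox get` prints a
# line containing "status: <value>"; `sandbox create` prints "Sandbox ID: <id>".
# SCALEBOX_CLI is a hypothetical override so the CLI can be stubbed in tests.
SCALEBOX_CLI="${SCALEBOX_CLI:-scalebox-cli}"

# sandbox_status <id>: print the lower-cased status word, or nothing.
sandbox_status() {
  "$SCALEBOX_CLI" sandbox get "$1" 2>/dev/null | awk '
    { line = tolower($0) }
    line ~ /status:/ {
      sub(/.*status:[ \t]*/, "", line)
      split(line, f, /[ \t]+/)
      print f[1]
      exit
    }'
}

# wait_for_running <id> [max_wait_s] [interval_s]
# Returns 0 once the status is "running", 1 when max_wait_s is used up.
wait_for_running() {
  w_id=$1 w_max=${2:-120} w_step=${3:-2} w_waited=0
  while :; do
    [ "$(sandbox_status "$w_id")" = "running" ] && return 0
    if [ "$w_waited" -ge "$w_max" ]; then
      echo "sandbox $w_id not running after ${w_waited}s" >&2
      return 1
    fi
    sleep "$w_step"
    w_waited=$((w_waited + w_step))
  done
}

# create_and_wait <template> <timeout_s> [max_wait_s] [interval_s]
# Prints the sandbox ID only when the sandbox is usable; deletes it otherwise.
create_and_wait() {
  c_id=$("$SCALEBOX_CLI" sandbox create --template "$1" --timeout "$2" --async |
    awk '/Sandbox ID:/ { print $3; exit }')
  if [ -z "$c_id" ]; then
    echo "could not parse a sandbox ID from create output" >&2
    return 1
  fi
  if ! wait_for_running "$c_id" "${3:-120}" "${4:-2}"; then
    "$SCALEBOX_CLI" sandbox delete "$c_id" >/dev/null 2>&1 || true
    return 1
  fi
  printf '%s\n' "$c_id"
}
```

Source the file, then use `sandbox_id=$(create_and_wait base 600) || exit 1` before any upload or exec step.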

1.2 File Operations

# Upload file
scalebox-cli sandbox upload <sandbox-id> <local-path> <remote-path>

# Upload directory recursively
scalebox-cli sandbox upload <sandbox-id> ./project /workspace/project --recursive

# Download file
scalebox-cli sandbox download <sandbox-id> <remote-path> <local-path>

# List files
scalebox-cli sandbox ls <sandbox-id> <remote-path>

Note: Remote path must be absolute (e.g., /workspace/file.py).

1.3 Command Execution

# Execute command
scalebox-cli sandbox exec <sandbox-id> "<command>"

# With working directory
scalebox-cli sandbox exec <sandbox-id> "python3 script.py" --cwd /workspace

# With timeout
scalebox-cli sandbox exec <sandbox-id> "npm install" --timeout 120

Method 2: REST API

2.1 Authentication

All requests require X-API-Key header:

curl -H "X-API-Key: $SCALEBOX_API_KEY" https://api.scalebox.dev/v1/sandboxes

2.2 Sandbox Endpoints

Operation | Method | Endpoint
Create sandbox | POST | /v1/sandboxes
List sandboxes | GET | /v1/sandboxes
Get sandbox | GET | /v1/sandboxes/{id}
Delete sandbox | DELETE | /v1/sandboxes/{id}
Pause sandbox | POST | /v1/sandboxes/{id}/pause
Resume sandbox | POST | /v1/sandboxes/{id}/resume

Note: File operations (upload/download/exec) are only available via CLI or SDK.

2.3 API Example

# Create sandbox
curl -X POST "https://api.scalebox.dev/v1/sandboxes" \
  -H "X-API-Key: $SCALEBOX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"template": "base", "name": "my-sandbox", "timeout": 600}'

Method 3: Python SDK

3.1 Installation

pip install scalebox-sdk

Module name: scalebox (not scalebox_sdk)

3.2 Basic Usage

import scalebox
import os

# Create sandbox
sandbox = scalebox.Sandbox.create(
    template="base",
    timeout=600,
    api_key=os.environ.get("SCALEBOX_API_KEY")
)

print(f"Sandbox ID: {sandbox.sandbox_id}")

# Get signed URLs for file operations
upload_url = sandbox.upload_url(path="/workspace/test.py")
download_url = sandbox.download_url(path="/workspace/output.json")

# Kill sandbox
sandbox.kill()

Typical Workflow

# 1. Create sandbox in sync mode (no --async) so it is running before the upload
sandbox_id=$(scalebox-cli sandbox create --template code-interpreter --name my-task | grep "Sandbox ID:" | awk '{print $3}')

# 2. Upload code
scalebox-cli sandbox upload "$sandbox_id" ./script.py /workspace/script.py

# 3. Execute
scalebox-cli sandbox exec "$sandbox_id" "python3 /workspace/script.py"

# 4. Download results
scalebox-cli sandbox download "$sandbox_id" /workspace/output.json ./output.json

# 5. Cleanup
scalebox-cli sandbox delete "$sandbox_id"

Security Notes

  • Sandboxes are completely isolated from local machine
  • All file paths must be absolute (no .. traversal)
  • Internet access enabled by default (disable with --internet=false)
  • Credentials never stored in database
  • Minimum CPU: 2 cores
  • Always download CLI from official sources

Error Handling

Error | Solution
CPU count must be at least 2 | Use --cpu 2 or higher
health check timeout | Check status with sandbox get
Sandbox not found | Verify sandbox ID
Timeout exceeded | Create new sandbox


Version

  • Skill: 1.0.5
  • CLI: v1.3.4
  • SDK: v0.1.9
  • API: v1

Last updated: 2026-03-21
