Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Powershell Sandbox
v0.1.0在受限 PowerShell 环境中安全执行脚本,支持命令白名单、超时控制、输出限制、文件隔离和执行前安全检查。
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
SKILL.md and package.json describe and document a runnable PowerShell sandbox (src/sandbox.ps1, tests, etc.) but the package contains no code files—only documentation. The skill also claims to target PowerShell 5.1+/7+ yet the metadata declares no required binaries or OS restriction. An agent would need PowerShell installed to fulfill the stated purpose; the absence of declared runtime requirements and the missing sandbox implementation are incoherent with the described capability.
Instruction Scope
The instructions describe scanning script contents, enforcing command and .NET-type whitelists, running scripts as PowerShell jobs, enforcing timeouts, truncating output, and writing audit logs to a local path. These runtime actions are broadly consistent with the stated goal. However, the doc-level instructions direct the agent to exec a local sandbox script (path shown) that does not exist in the package; the pre-execution scanning approach described could be bypassed by obfuscation or dynamic code constructs (IEX is explicitly forbidden, but other vectors exist). The doc also instructs writing audit logs to '.learnings/sandbox-log.md' (writing to disk) which is reasonable for auditing but should be validated.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. However, package.json declares 'main': 'src/sandbox.ps1' and tests, yet those files are absent from the package. This discrepancy is suspicious: the package claims a runnable entrypoint and passing tests but provides only documentation.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a local sandbox. One caution: the skill exposes an '-AllowNetwork' option that, if used, permits network access; enabling it increases risk and should be avoided unless absolutely necessary and validated. The documentation's recommended behaviors (no external interfaces, use sandbox for untrusted code) align with the lack of credentials.
Persistence & Privilege
The skill does not request persistent or system-wide privileges; flags show always:false and normal model invocation behavior. It does recommend creating local audit logs but does not claim to modify other skills or system configs. No elevated privileges are requested in metadata.
Scan Findings in Context
[no_code_files_for_declared_entrypoint] unexpected: The regex scanner found nothing because there are no code files to scan. SKILL.md and package.json reference src/sandbox.ps1 and test scripts, but those files are not included in the package — this is unexpected for a skill whose primary function is to run a script.
What to consider before installing
Do not install or run this skill as-is. Before trusting it: (1) ask the publisher/source for the actual sandbox implementation (src/sandbox.ps1) and confirm it is present; (2) review the sandbox.ps1 code to verify command/.NET-type filtering, file-path isolation, and job-based termination are implemented securely and cannot be trivially bypassed; (3) verify runtime requirements (PowerShell version, OS) and that your agent environment meets them; (4) test the implementation in an isolated VM with no network access and inspect audit logs for behavior; (5) avoid using the -AllowNetwork option unless you have audited the code; (6) be skeptical of the included TEST_RESULTS.md until you can reproduce those tests against the real code. These inconsistencies could be an oversight or a sign of incomplete/mispackaged skill — proceed only after obtaining and reviewing the actual implementation.Like a lobster shell, security has layers — review code before you run it.
latestvk97fqcs48wrv0rn6xafbn7k7xn83na4s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.