ClawHub

Openclaw Skill

Sandboxed command runner for AI agents — validates and isolates every shell action inside a Bubblewrap user namespace.

Audits

Pass
ClawScanReview

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install skillshield-openclaw

skillshield

Sandboxed command runner for AI agents — validates and isolates every shell action inside a Bubblewrap user namespace.

SkillShield sits between your AI agent and the operating system. Before any shell command runs, a lightweight Rust daemon checks it against a set of safety rules and decides whether to allow it, sandbox it, or ask for your confirmation. Every decision is logged so you always know what happened.

What it does

  1. Validates commands — checks each shell request against configurable rules before execution.
  2. Isolates execution — runs approved commands inside a Bubblewrap sandbox with a minimal, read-only root filesystem.
  3. Limits repetition — stops agents that get stuck in a loop and start consuming too many resources.
  4. Logs decisions — every action (allowed, sandboxed, or paused for review) is recorded with structured metadata.

How to use

# Install from ClawHub
npx clawhub@latest install skillshield-openclaw

# Run a command through the safety layer
./skillshield-exec.sh "echo hello world"

Requirements

DependencyPurpose
LinuxUser-namespace support
bwrapBubblewrap sandbox runtime
cargoBuilds the Rust daemon on first run

Links