Openclaw Skill

v2.1.8

Sandboxed command runner for AI agents — validates and isolates every shell action inside a Bubblewrap user namespace.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for star8592/skillshield-openclaw.

Install the skill "Openclaw Skill" (star8592/skillshield-openclaw) from ClawHub.
Skill page: https://clawhub.ai/star8592/skillshield-openclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install star8592/skillshield-openclaw

ClawHub CLI

npx clawhub@latest install skillshield-openclaw

Security Scan

VirusTotal: Benign
OpenClaw: Benign (medium confidence)

Purpose & Capability

The declared purpose (validate and run shell commands in a Bubblewrap sandbox) matches the provided files and runtime behavior. The wrapper script checks for bwrap, cargo, curl and python3 and the Rust daemon implements a Bubblewrap executor. Required binaries (cargo, bwrap, curl, python3) are used by the wrapper and daemon and are proportionate to the task.

Instruction Scope

SKILL.md and skillshield-exec.sh instruct building a local daemon and forwarding commands via a unix-domain socket; the code only touches files inside the user's XDG cache directory for build artifacts, PID/log/socket. The daemon can be configured (via the SKILLSHIELDD_BIND env var) to bind TCP instead of a unix socket — the wrapper sets a unix socket by default, but the binary supports alternate (network) binding which expands its attack surface if misconfigured or run manually.

Install Mechanism

This is instruction-only (no marketplace install spec), but includes full Rust source and a wrapper that invokes cargo build on first run. Building and running supplied native code is coherent for this skill, but compiling unknown third-party code locally is a real risk because the resulting binary executes with your user privileges. The code itself contains no obvious exfiltration or remote endpoints.

Credentials

The skill does not require secrets or unrelated environment variables. The only meaningful env interaction is SKILLSHIELDD_BIND (used to choose unix vs tcp binding) and standard XDG_CACHE_HOME/$HOME for cache paths; these are consistent with a local daemon. No credentials or unrelated service tokens are requested.

Persistence & Privilege

always:false (not persisted system-wide). The skill writes build artifacts, logs, pid and a unix socket into the user's cache directory and launches a user-owned background daemon — this is expected for a local enforcement service. It does not modify other skills or system-wide agent settings. The ability to bind TCP (if env changed) increases privilege scope if misused.

Assessment

This skill appears to do what it says: build a local Rust daemon and run commands inside a Bubblewrap sandbox. Before installing, consider:

  1. You will compile and run native code from an unverified source — inspect the source yourself or run it in an isolated VM/container if you don't trust the publisher.
  2. The wrapper defaults to a unix socket but the daemon supports TCP binding via SKILLSHIELDD_BIND — avoid exposing it to the network unless you intend to and have secured it.
  3. The tool writes logs and build artifacts into your XDG cache directory (~/.cache by default).
  4. Ensure your system supports user namespaces and Bubblewrap.
  5. Verify the publisher/homepage and consider auditing the Cargo.toml/dependencies if you need higher assurance.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis
452 downloads
0 stars
12 versions
Updated 1mo ago
v2.1.8
MIT-0

skillshield

SkillShield sits between your AI agent and the operating system. Before any shell command runs, a lightweight Rust daemon checks it against a set of safety rules and decides whether to allow it, sandbox it, or ask for your confirmation. Every decision is logged so you always know what happened.

What it does

  1. Validates commands — checks each shell request against configurable rules before execution.
  2. Isolates execution — runs approved commands inside a Bubblewrap sandbox with a minimal, read-only root filesystem.
  3. Limits repetition — stops agents that get stuck in a loop and start consuming too many resources.
  4. Logs decisions — every action (allowed, sandboxed, or paused for review) is recorded with structured metadata.

How to use

# Install from ClawHub
npx clawhub@latest install skillshield-openclaw

# Run a command through the safety layer
./skillshield-exec.sh "echo hello world"

Requirements

| Dependency | Purpose |
|------------|---------|
| Linux | User-namespace support |
| bwrap | Bubblewrap sandbox runtime |
| cargo | Builds the Rust daemon on first run |
