Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Powershell Sandbox
v0.1.0在受限的 PowerShell 环境中安全执行脚本,支持命令白名单、超时控制、输出限制和文件路径隔离。
⭐ 0· 33·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
SKILL.md and package.json claim a sandbox executable at src/sandbox.ps1 (package.json 'main' points to it and the docs show many runtime options), but the file manifest does not include src/sandbox.ps1 or any src/ implementation. That mismatch means the skill as provided cannot deliver the claimed sandbox capability and is therefore incoherent.
Instruction Scope
The instructions direct the agent to execute an external PowerShell script via exec (e.g., executing skills/powershell-sandbox/src/sandbox.ps1 against paths inside the agent workspace). If the referenced sandbox script is absent or unreviewed, the agent would instead execute whatever script exists at the provided ScriptPath (potentially arbitrary user scripts). The SKILL.md also relies on pre-execution scanning and enforcement, but those enforcement steps are only described in prose — no implementation is present to verify they actually run.
Install Mechanism
No install spec (instruction-only skill), which lowers install-supply-chain risk. However, because no sandbox implementation is shipped, the lack of install artifacts increases the danger of a false assurance (the docs promise enforcement that isn't present).
Credentials
The skill requests no environment variables, no credentials, and no config paths. The declared environment access is proportionate to a local PowerShell sandbox. There are no unexplained secret or cloud credential requests.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent system-wide privileges. However, because it instructs the agent to exec local PowerShell with user-provided scripts, the runtime privilege depends on how the agent is run (the skill itself doesn't request elevated persistence).
What to consider before installing
Do not rely on this package to safely sandbox untrusted PowerShell code in its current form. The repository as provided does not include the core src/sandbox.ps1 implementation even though docs and package.json reference it. The test harness is superficial (it increments passes even when the sandbox script is missing and validates patterns rather than executing enforcement code), so the TEST_RESULTS.md is not strong proof of safety. Before installing or invoking: 1) obtain and review the actual src/sandbox.ps1 source; verify it implements the claimed static checks, .NET type restrictions, job-based timeout termination, output truncation, and file path isolation; 2) refuse to run or enable -AllowNetwork unless you fully trust the script; 3) run the sandbox only in an isolated environment (VM/container) until you audit it; 4) ask the author for a homepage/source repo and real tests that exercise enforcement (not just string checks); 5) avoid giving the agent elevated privileges or running as admin while testing. If you cannot get the sandbox.ps1 source, treat this skill as non-functional and potentially dangerous.Like a lobster shell, security has layers — review code before you run it.
latestvk976adkdn8y70qh8vk8ha6s83s83yzhx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.