Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw 沙盒测试系统
v2.0.0OpenClaw 沙盒测试系统 v2.0 - 零风险配置变更测试,9 层防护 +5 原则,自动备份回滚,Git 版本管理
⭐ 0· 324·2 current·2 all-time
bywh1ko@zoopools
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (sandbox for OpenClaw config testing) match the code: scripts create a temporary sandbox, validate configs, start a gateway, backup and apply production configs. Nothing requests unrelated cloud credentials or exotic binaries. One surprising item: the sandbox config enables a 'feishu-openclaw-plugin' in templates/safe-try.sh; allowing a plugin that may require external credentials is not obviously necessary for a generic sandbox and the skill does not declare any plugin-related environment variables or creds.
Instruction Scope
The runtime instructions and included shell scripts manipulate environment variables (export OPENCLAW_HOME and HOME), create files under $HOME and /tmp, start a background gateway process, and provide an apply-to-production flow that runs openclaw gateway restart. The scripts are explicit about these actions (not stealthy), but they also embed a hard-coded user path (/Users/wh1ko) in scripts/cleanup-env.sh and assume behaviours (e.g., restoring HOME to that path). cleanup-env.sh and the SKILL.md do not make it clear when or whether users should run cleanup-env.sh automatically. The presence of a configured plugin (feishu-openclaw-plugin) and an in-cleartext sandbox token in the example config are also things a user should validate.
Install Mechanism
There is no install spec (instruction-only), so no network downloads or opaque installers are performed by the skill itself. The code files are plain shell scripts bundled in the skill — lower risk than a remote install URL. The platform will write these files into the skill path when installed, which is expected.
Credentials
The skill does not request credentials or env vars in metadata (good), but the scripts actively set and unset OPENCLAW_HOME and temporarily change HOME for the gateway process. cleanup-env.sh unconditionally sets HOME back to '/Users/wh1ko' if HOME differs, which is a hard-coded developer path and not proportional to a general-purpose skill; running that script on other machines could mis-set HOME. Also, enabling 'feishu-openclaw-plugin' in the sandbox config may implicitly require Feishu credentials not declared by the skill.
Persistence & Privilege
The skill is not always:true and does not request elevated platform privileges. It writes files into the user's skill directory, $HOME/.openclaw/backups, and /tmp for sandbox state — expected for a sandbox tool. It does start a background process (openclaw gateway) in the user's context, which is expected behavior but worth noting before launch.
What to consider before installing
This skill appears to implement a useful sandbox workflow for OpenClaw, but review the scripts before running them. Specifically: 1) Inspect templates/safe-try.sh and templates/apply-config.sh to ensure the openclaw commands, ports, and the sandbox token are acceptable for your environment. 2) Remove or change the enabled plugin ('feishu-openclaw-plugin') if you don't want sandbox to load external integrations — that plugin may need credentials not declared by the skill. 3) Fix the hard-coded user path in scripts/cleanup-env.sh (/Users/wh1ko) — it will mis-restore HOME on other machines; prefer restoring HOME from the parent shell or documenting the expected username. 4) Run the sandbox first on an isolated test machine or non-critical account, confirm the backup/rollback process works, and only then use apply-config.sh on production. 5) Because the scripts start a background gateway, ensure you understand how to stop it (PID file location) and verify logs before applying changes to production.Like a lobster shell, security has layers — review code before you run it.
isolationvk97c0kqfv1q8mcrz4n8nkm5j3x82nw9xlatestvk97c0kqfv1q8mcrz4n8nkm5j3x82nw9xsafetyvk97c0kqfv1q8mcrz4n8nkm5j3x82nw9xsandboxvk97c0kqfv1q8mcrz4n8nkm5j3x82nw9xtestingvk97c0kqfv1q8mcrz4n8nkm5j3x82nw9x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.