arc-skill-sandbox

Health & Fitness
v1.1.0
Benign

Test untrusted skills in an isolated environment before installing.

600 downloads · 600 installs · by @trypto1019

Setup & Installation

Install command

clawhub install trypto1019/arc-skill-sandbox

If the CLI is not installed:

Install command

npx clawhub@latest install trypto1019/arc-skill-sandbox

Or install with OpenClaw CLI:

Install command

openclaw skills install trypto1019/arc-skill-sandbox

Or paste the repo link into your assistant's chat:

Install command

https://github.com/openclaw/skills/tree/main/skills/trypto1019/arc-skill-sandbox

What This Skill Does

Runs untrusted skills in a monitored environment before installation. Tracks filesystem access, environment variable reads, network connections, and subprocess calls during execution. Produces a JSON report with a safety verdict (SAFE / SUSPICIOUS / DANGEROUS).

Static analysis misses runtime behavior, so executing the skill in a monitored environment reveals what it actually does with your data and credentials.

When to Use It

  • Testing a ClawHub skill before installing it on your real agent
  • Checking if a downloaded script reads API keys or tokens
  • Catching outbound network calls made by an unknown skill
  • Running a skill with fake credentials to detect exfiltration attempts
  • Generating a safety report before a team-wide skill rollout
# Skill Sandbox

Run untrusted skills in a monitored environment. See exactly what they do before giving them access to your real system.

## Why This Exists

ClawHub has hundreds of skills. Some are malicious. Even after scanning with arc-skill-scanner, you can't catch everything with static analysis. The sandbox lets you run a skill's scripts and observe their behavior at runtime — what network calls they make, what files they access, what environment variables they read.

## Commands

### Sandbox a skill directory
```bash
python3 {baseDir}/scripts/sandbox.py run --path ~/.openclaw/skills/some-skill/
```

### Run a specific script in sandbox
```bash
python3 {baseDir}/scripts/sandbox.py run --script ~/.openclaw/skills/some-skill/scripts/main.py
```

### Run with network monitoring
```bash
python3 {baseDir}/scripts/sandbox.py run --path ~/.openclaw/skills/some-skill/ --monitor-network
```

### Run with fake environment variables
```bash
python3 {baseDir}/scripts/sandbox.py run --path ~/.openclaw/skills/some-skill/ --fake-env
```

### Run with a time limit
```bash
python3 {baseDir}/scripts/sandbox.py run --path ~/.openclaw/skills/some-skill/ --timeout 30
```

### Generate a safety report
```bash
python3 {baseDir}/scripts/sandbox.py report --path ~/.openclaw/skills/some-skill/
```

## What It Monitors

### Filesystem Access
- Files opened (read/write)
- Directories created
- File deletions
- Permission changes

### Environment Variables
- Which env vars are read
- Whether sensitive keys are accessed (API keys, tokens, passwords)
- Option to inject fake values to see what the skill does with them

### Network Activity
- Outbound HTTP/HTTPS requests (URLs, methods, payloads)
- DNS lookups
- Socket connections
- FTP, SMTP, and other protocols

### Process Execution
- Subprocess calls
- Shell commands
- Dynamic imports

## Safety Modes

- **observe** (default) — Run the skill and log everything it does. No restrictions.
- **restricted** — Block network access and filesystem writes outside a temp directory.
- **honeypot** — Provide fake credentials and endpoints to see if the skill tries to exfiltrate.

## Output

The sandbox produces a JSON report with:
- All filesystem operations (reads, writes, deletes)
- All environment variable accesses
- All network connections attempted
- All subprocess calls
- Warnings for suspicious patterns
- A safety verdict (SAFE / SUSPICIOUS / DANGEROUS)
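
As an added illustration of the runtime monitoring, honeypot mode and verdict described above (this is example code, not the arc-skill-sandbox implementation; the audit-hook approach, the HoneypotEnv class, the verdict rule and the sample skill are assumptions of this example), a minimal Python monitor that serves fake credentials, records file, DNS, socket and subprocess activity while a skill's source runs, and grades the result:

```python
import os
import sys

# Hypothetical monitor (not arc-skill-sandbox's code): serve honeypot env values and use
# sys.addaudithook to record file opens, DNS lookups, connects and subprocess launches.
SENSITIVE = ("KEY", "TOKEN", "SECRET", "PASSWORD")
FAKE_ENV = {"OPENAI_API_KEY": "sk-FAKE-honeypot-value"}   # constructed honeypot value
# Constructed sample "skill": reads a credential, then opens an outbound connection.
SAMPLE_SKILL = ('import os, socket\nk = os.environ.get("OPENAI_API_KEY")\n'
                'try: socket.create_connection(("127.0.0.1", 9), timeout=0.5)\nexcept OSError: pass\n')

def looks_sensitive(key):
    return any(s in key.upper() for s in SENSITIVE)

class HoneypotEnv(dict):   # drops real secrets, serves fakes, logs every get()/[] lookup
    def __init__(self, real, log):
        super().__init__({k: v for k, v in real.items() if not looks_sensitive(k)})
        self.update(FAKE_ENV)
        self.log = log
    def get(self, key, default=None):
        self.log.append({"type": "env", "key": key})
        return super().get(key, default)
    def __getitem__(self, key):
        self.log.append({"type": "env", "key": key})
        return super().__getitem__(key)

class SkillMonitor:
    def __init__(self):
        self.events, self.active = [], False
        sys.addaudithook(self._hook)   # hooks cannot be removed, so gate on self.active
    def _hook(self, event, args):
        if not self.active:
            return
        if event == "open":                    # args: path, mode, flags
            self.events.append({"type": "file", "target": str(args[0]), "mode": str(args[1])})
        elif event == "socket.getaddrinfo":    # args: host, port, ... (a name lookup)
            self.events.append({"type": "network", "target": f"{args[0]}:{args[1]}"})
        elif event == "socket.connect":        # args: socket, address
            self.events.append({"type": "network", "target": str(args[1])})
        elif event == "subprocess.Popen":      # args: executable, argv, cwd, env
            self.events.append({"type": "subprocess", "target": [str(a) for a in args[1]]})
    def run_source(self, source, name="main.py"):   # the real tool takes a script path instead
        real_env, os.environ = os.environ, HoneypotEnv(os.environ, self.events)
        self.active = True
        try:
            exec(compile(source, name, "exec"), {"__name__": "__main__"})
        except Exception as exc:   # a crashing skill still yields a report
            self.events.append({"type": "error", "target": repr(exc)})
        finally:
            self.active, os.environ = False, real_env
        secrets = sorted({e["key"] for e in self.events if e["type"] == "env" and looks_sensitive(e["key"])})
        kinds = {e["type"] for e in self.events}
        verdict = "DANGEROUS" if secrets and "network" in kinds else "SUSPICIOUS" if secrets or kinds & {"network", "subprocess"} else "SAFE"
        return {"verdict": verdict, "secrets_read": secrets, "events": self.events}
```

Reading a honeypot credential and then attempting any outbound connection is graded DANGEROUS; either alone, or a subprocess launch, is SUSPICIOUS.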

## Integration

Combine with the workflow orchestrator for automated pre-install checks:
```
scan skill → sandbox run → review report → install if safe → audit log
```

## Limitations

- Python skills only (JavaScript/shell support planned)
- Cannot catch all evasion techniques (obfuscated or delayed execution)
- Network monitoring requires the skill to use standard Python libraries
- Not a true OS-level sandbox (use Docker for that level of isolation)



Security Audits

VirusTotal: Benign
OpenClaw: Benign

These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.

Details

Language: Markdown
Last updated: Feb 26, 2026