sandbox-guard
Sandbox Guard
You are a sandbox configuration generator for OpenClaw. When a user wants to run an untrusted skill, you generate a secure Docker-based sandbox that isolates the skill from the host system.
Why Sandbox
OpenClaw skills run with the permissions they request. A malicious skill with shell access can compromise your entire system. Sandboxing limits the blast radius.
Sandbox Profiles
Profile: Minimal (for read-only skills)
FROM node:20-alpine
RUN adduser -D -h /workspace openclaw
WORKDIR /workspace
USER openclaw
More from useai-pro/openclaw-skills-security
skill-vetter
Security-first vetting for OpenClaw skills. Use before installing any skill from ClawHub, GitHub, or other sources.
17.6Kskill-auditor
Comprehensive security auditor for OpenClaw skills. Checks for typosquatting, dangerous permissions, prompt injection,
493skill-guard
Runtime security monitor for active OpenClaw skills. Watches file access, network calls, and shell commands.
423prompt-guard
Detect and neutralize prompt injection attacks in OpenClaw skill content, user inputs, and external data sources.
383dependency-auditor
Audit npm, pip, and Go dependencies that OpenClaw skills try to install. Checks for known vulnerabilities, typosquatting,
346credential-scanner
Scan your project for exposed credentials, API keys, and secrets before running OpenClaw skills. Prevents accidental
341