安全扫描
OpenClaw
安全
high confidenceThe plugin appears to do what it claims (a capability-based WASM sandbox with a helper downloader); requirements and code are coherent, but be aware it can download arbitrary files into the workspace and run WASM — only install if you trust the runtime and the WASM sources you will execute.
安全有层次,运行前请审查代码。
版本
latestv0.4.02026/3/28
● 无害
安装命令 点击复制
官方npx clawhub@latest install openclaw-wasm-sandbox
镜像加速npx clawhub@latest install openclaw-wasm-sandbox --registry https://cn.clawhub-mirror.com
插件文档
openclaw-wasm-sandbox
Wasm Sandbox Plugin for OpenClaw
[image: npm version] [image: npm downloads] [image: License]
openclaw-wasm-sandbox is an OpenClaw plugin that provides a capability-based secure sandbox for running WebAssembly (WASM) components. Built on the WebAssembly Component Model and WASI (WebAssembly System Interface), it allows you to safely execute untrusted WASM code with granular control over file system access, network requests, environment variables, and computational resources.
⚠️ Prerequisites
- WebAssembly Component — This plugin runs WASM Components (
.wasmfiles built with the Component Model), not Core WebAssembly modules. - To convert a Core WASM module into a Component, use wasm-tools:
wasm-tools component new input.wasm -o output.wasmFeatures
- 🔒 Capability-based Security — Fine-grained control over system resources
- 📁 File System Isolation — Map specific host directories to guest paths
- 🌐 Network Control — Allow or block network access by host pattern
- ⏱️ Resource Limits — Timeout, memory, stack size, and execution fuel
- 🔧 Environment Variables — Pass selective env vars to WASM components
- 🖥️ HTTP Server Mode — Serve WASM components as web services
Installation
From ClawHub
openclaw plugins install clawhub:openclaw-wasm-sandboxFrom npm
openclaw plugins install openclaw-wasm-sandboxFrom Source
# Clone the repository
git clone https://github.com/your-repo/openclaw-wasm-sandbox.git
cd openclaw-wasm-sandbox
# Install dependencies
npm install
# Link or install
openclaw plugins install . --link # Development (live reload)
# or
openclaw plugins install . # Production (copy files)Usage
CLI Commands
The plugin provides two subcommands under wasm-sandbox:
Run a WASM Component
openclaw wasm-sandbox run <file.wasm> [args...]Example:
# Basic run
openclaw wasm-sandbox run ./hello.wasm
# With arguments
openclaw wasm-sandbox run ./hello.wasm arg1 arg2
# With environment variables
openclaw wasm-sandbox run ./hello.wasm --env FOO=bar --env BAZ=qux
# With directory mapping
openclaw wasm-sandbox run ./hello.wasm --map-dir ./data::/data
# With network restrictions (allow only github.com)
openclaw wasm-sandbox run ./hello.wasm --allowed-outbound-hosts https://github.com
# With resource limits
openclaw wasm-sandbox run ./hello.wasm \
--wasm-timeout 30 \
--wasm-max-memory-size 67108864 \
--wasm-max-stack 1048576 \
--wasm-fuel 1000000Start HTTP Server from WASM Component
openclaw wasm-sandbox serve <file.wasm> [options]Example:
# Basic server (defaults to localhost:8080)
openclaw wasm-sandbox serve ./server.wasm
# Custom IP and port
openclaw wasm-sandbox serve ./server.wasm -i 0.0.0.0 -p 3000
# With environment variables and directory mapping
openclaw wasm-sandbox serve ./server.wasm \
--env NODE_ENV=production \
--map-dir ./public::/public
# With WASI config variables
openclaw wasm-sandbox serve ./server.wasm \
--config-var LOG_LEVEL=info \
--keyvalue-var CACHE_TTL=3600Available Options
Common Options (both run and serve)
| Option | Type | Description |
|---|---|---|
--work-dir <dir> | string | Grant access of a host directory to guest root dir |
--map-dir <mapping...> | string[] | Map host directory to guest path (host::guest format) |
--env <var...> | string[] | Pass environment variable (KEY=value format) |
--allowed-outbound-hosts <host...> | string[] | Allowed network destinations (supports wildcards) |
--block-networks <network...> | string[] | Blocked IP networks (use private for private ranges) |
--wasm-timeout <seconds> | number | Maximum execution time before timeout |
--wasm-max-memory-size <bytes> | number | Maximum linear memory size |
--wasm-max-stack <bytes> | number | Maximum stack size before overflow |
--wasm-fuel <units> | number | Execution fuel units (traps when exhausted) |
--wasm-cache-dir <dir> | string | Directory for precompiled .cwasm cache files |
run Exclusive Options
| Option | Type | Description |
|---|---|---|
--program-name <name> | string | Override argv[0] (executable name) |
--invoke <function> | string | Name of the exported function to invoke |
serve Exclusive Options
| Option | Type | Description |
|---|---|---|
-i, --ip <ip> | string | Socket IP to bind to |
-p, --port <port> | number | Socket port to bind to (0-65535) |
--config-var <var...> | string[] | WASI config variables (KEY=value) |
--keyvalue-var <var...> | string[] | In-memory key-value data (KEY=value) |
Agent Tools
The plugin also registers two tools for use by AI agents:
| Tool | Description |
|---|---|
wasm-sandbox-run | Run a WebAssembly Component with configurable options |
wasm-sandbox-serve | Start an HTTP server from a WebAssembly Component |
Tools are registered as optional — agents can use them when needed.
Security Model
The plugin uses capability-based security:
- No implicit access — WASM components have zero access by default
- Explicit grants only — Access must be explicitly granted via options
- Resource bounds — Memory, stack, fuel, and time limits enforce resource consumption
- Network isolation — Outbound network access is denied by default, allowlist-based
Network Patterns
--allowed-outbound-hosts supports:
- Exact hosts:
https://api.github.com - Wildcard subdomains:
https://.github.com - Protocols:
http://,https://
--block-networks supports:
- IP networks:
1.1.1.1/32,10.0.0.0/8 - Special keywords:
private(blocks RFC 1918 addresses)
Dependencies
@wasm-sandbox/runtime@sinclair/typebox— JSON schema type definitions
License
Repository: https://github.com/guyoung/wasm-sandbox-node
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制