Security scan
OpenClaw
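Suspicious
Medium confidence. The skill's function (managing dev containers via Traefik/Cloudflare) is credible, but SKILL.md and the scripts require the agent/user to perform high-risk host operations, and the credentials are not declared in the registry metadata. Proceed only after careful review.
Assessment and recommendations
The skill is broadly as described (launching browser/VNC/VSCode containers via Traefik or Cloudflare), but it requires granting the agent host-level privileges and sensitive credentials. Before installing: 1) inspect the container image and scripts; 2) avoid making host directories writable; 3) restrict the Cloudflare API token's permissions; 4) use a dedicated host directory; 5) run the onboarding steps manually; 6) request an explicit list of permissions. If you cannot audit it, treat it as high risk and avoid granting broad host permissions.
⚠ Purpose and capability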
The skill claims to manage devboxes (VSCode, VNC, routing) which matches the included scripts and README, but the registry metadata lists no required env vars/credentials while the SKILL.md and scripts clearly require Docker socket access, optional GitHub PAT, Cloudflare API token/tunnel tokens, and a host path for Traefik. The omission of those required credentials/configs in the metadata is an inconsistency.
⚠ Instruction scope
Onboarding must be run on the MAIN agent with exec/gateway and filesystem access; instructions explicitly tell the user/agent to inspect Docker mounts, modify host permissions (chmod 666 on /var/run/docker.sock and suggest chmod 777 on the Traefik host path), write files into host-mounted Traefik paths, and register DNS records via the Cloudflare API. Those actions go beyond small, contained setup steps and grant broad host-level effects.
ℹ Install mechanism
There is no install spec (instruction-only), and the skill relies on pulling a container image from ghcr.io (ghcr.io/adshrc/openclaw-devbox:latest) which is a reasonable approach. No arbitrary binary downloads or URL-shortener installers are present. Still, pulling an external container image is an operational trust decision and should be audited.
⚠ Credential requirements
The skill requires sensitive tokens and host access in practice (CF_API_TOKEN, CF_TUNNEL_TOKEN, optional GITHUB_TOKEN, write access to a host-mounted Traefik directory, Docker socket access), but the registry metadata declared none. Requesting Docker socket access and advising chmod 666/777 are disproportionate and increase risk; Cloudflare tokens should be limited-scope but are still sensitive and will be stored in agent config per README.
ℹ Persistence and privileges
The skill is not marked always:true and is user-invocable. However onboarding runs on the main agent and will store Cloudflare/tunnel tokens and other config in the agent config, giving the skill persistent credentials. This is expected for a routing-oriented skill but elevates long-term risk if credentials are broad or not rotated.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Version
latest v1.4.0 2026/3/8
● Suspicious
Install command
Official: npx clawhub@latest install devboxes
Mirror (accelerated): npx clawhub@latest install devboxes --registry https://cn.longxiaskill.com
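Skill documentation
(The original SKILL.md is too long; the following is an abridged translation that keeps the key parts.)
name: devboxes
description: Manages development environment containers (devboxes), providing web-accessible VSCode, VNC and app routing (via Traefik or Cloudflare Tunnels).
# Devbox Skill
Devboxes are OpenClaw sandbox containers running a custom image that includes VSCode Web, noVNC, Chromium (CDP) and up to 5 app ports, routed via Traefik or Cloudflare Tunnels. OpenClaw manages the entire container lifecycle.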