📦 Docker Sandbox — Secure Code Sandbox

v1.0.0

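Provides AI agents with disposable, isolated Docker containers that can immediately run generated Python, Node.js, bash and other code and return the results, verifying logic and catching errors, with no persistence at any point, keeping the host safe.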

by @newtonfrank (Newton Frank)
Last updated: 2026/3/4
Security scan
VirusTotal: benign
OpenClaw: safe (high confidence)
The skill is internally consistent with its stated purpose (providing Docker-based ephemeral sandboxes) and only requires the docker binary; the instructions mostly match the purpose but a few implementation omissions and operational cautions deserve attention.
Assessment recommendations
This skill is coherent for its stated purpose, but running containers via an agent is powerful and you should take operational precautions before enabling or trusting it. Consider: (1) only give agents access to Docker in tightly controlled environments — the Docker daemon is effectively root on the host; (2) ensure the agent never mounts sensitive host paths (including /, /etc, ~/.ssh) and ensure it cannot mount the Docker socket (/var/run/docker.sock) into containers; (3) prefer additional har...
Detailed analysis
Purpose and capabilities
Name, description, and runtime instructions all center on running code inside Docker containers. The only required binary is `docker`, which is exactly what this skill needs.
Instruction scope
Instructions demonstrate creating a local `.sandbox` directory and running containers with --rm, resource limits, and --network none in some examples. However: (1) the Bash example omits resource and network flags that the doc claims are default; (2) the doc relies on the agent/operator to avoid mounting sensitive host paths but does not explicitly warn about the danger of mounting the Docker socket (/var/run/docker.sock); (3) it does not show using non-root users, read-only mounts, no-new-privs, capability drops, or other container-hardening features that are commonly recommended. The mount command uses POSIX shell syntax ($(pwd)) but the metadata lists Windows support; Windows-specific path guidance is missing.
Installation mechanism
Instruction-only skill with no install spec and no code files — lowest-risk delivery mechanism. Nothing is written to disk by the skill itself.
Credential requirements
The skill requests no environment variables or credentials. Requiring only the `docker` binary is proportionate to the claimed capability.
Persistence and permissions
Skill is user-invocable and not set always:true. It does not request system-wide changes or persistent presence beyond runtime instructions. Autonomous invocation is allowed (platform default) but not elevated by the skill.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest v1.0.0 2026/3/4

**Initial release of docker-sandbox skill.**

- Run agent-generated code safely using isolated, ephemeral Docker containers.
- Supports Python, Node.js, and shell script verification with standard Docker images.
- Enforces host isolation, CPU/memory limits, and network blocking by default.
- Advises secure usage patterns for mounting, networking, and privileges.
- Plain, usage-focused documentation for multi-platform environments.

Installation command

Official: npx clawhub@latest install docker-docker-sandbox-agent
Mirror (accelerated): npx clawhub@latest install docker-docker-sandbox-agent --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库