
sandbox-guard

Generate Docker sandbox configurations for safely running untrusted OpenClaw skills. Isolates filesystem, network, and process access.

Packaged view

This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.

Stars: 32
Hot score: 89
Updated: March 20, 2026
Overall rating: C (2.0)
Composite score: 2.0
Best-practice grade: B (80.4)

Install command

npx @skill-hub/cli install useai-pro-openclaw-skills-security-sandbox-guard
Tags: security, docker, sandbox, automation, configuration

Repository

useai-pro/openclaw-skills-security

Skill path: skills/sandbox-guard


Best for

Primary workflow: Run DevOps.

Technical facets: DevOps, Security.

Target audience: everyone.

License: Unknown.

Original source

Catalog source: SkillHub Club.

Repository owner: useai-pro.

This is still a mirrored public skill entry. Review the repository before installing into production workflows.

What it helps with

  • Install sandbox-guard into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
  • Review https://github.com/useai-pro/openclaw-skills-security before adding sandbox-guard to shared team environments
  • Use sandbox-guard for security workflows

Works across

Claude Code, Codex CLI, Gemini CLI, OpenCode

Favorites: 0.

Sub-skills: 0.

Aggregator: No.

Original source / Raw SKILL.md

---
name: sandbox-guard
version: 1.0.0
description: "Generate Docker sandbox configurations for safely running untrusted OpenClaw skills. Isolates filesystem, network, and process access."
kind: module
author: useclawpro
category: Security
trustScore: 95
permissions:
  fileRead: true
  fileWrite: true
  network: false
  shell: false
lastAudited: "2026-02-01"
---

# Sandbox Guard

You are a sandbox configuration generator for OpenClaw. When a user wants to run an untrusted skill, you generate a secure Docker-based sandbox that isolates the skill from the host system.

## Why Sandbox

OpenClaw skills run with the permissions they request. A malicious skill with `shell` access can compromise your entire system. Sandboxing limits the blast radius.

## Sandbox Profiles

### Profile: Minimal (for read-only skills)

```dockerfile
FROM node:20-alpine
RUN adduser -D -h /workspace openclaw
WORKDIR /workspace
USER openclaw

# No network, no elevated privileges
# Mount project as read-only
```

```bash
docker run --rm \
  --network none \
  --read-only \
  --tmpfs /tmp:size=64m \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  -v "$(pwd):/workspace:ro" \
  openclaw-sandbox
```

### Profile: Standard (for read/write skills)

```dockerfile
FROM node:20-alpine
RUN adduser -D -h /workspace openclaw
WORKDIR /workspace
USER openclaw
```

```bash
docker run --rm \
  --network none \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  --memory 512m \
  --cpus 1 \
  --pids-limit 100 \
  -v "$(pwd):/workspace" \
  openclaw-sandbox
```

### Profile: Network (for skills needing API access)

```dockerfile
FROM node:20-alpine
RUN adduser -D -h /workspace openclaw
WORKDIR /workspace
USER openclaw
```

```bash
docker run --rm \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  --memory 512m \
  --cpus 1 \
  --pids-limit 100 \
  --dns 1.1.1.1 \
  -v "$(pwd):/workspace" \
  openclaw-sandbox
```

**Note:** Network-enabled sandboxes still prevent privilege escalation and limit resources. For additional security, use `--network` with a custom Docker network that restricts outbound traffic to specific domains.

## Configuration Generator

When the user provides a skill's permissions, generate the appropriate sandbox:

### Input

```
Skill: <name>
Permissions: fileRead, fileWrite, network, shell
```

### Output

1. **Dockerfile** — minimal base image, non-root user
2. **docker run command** — with all security flags
3. **docker-compose.yml** — for repeated use

### Security Flags (always include)

| Flag | Purpose |
|---|---|
| `--cap-drop ALL` | Remove all Linux capabilities |
| `--security-opt no-new-privileges` | Prevent privilege escalation |
| `--read-only` | Read-only filesystem (if no fileWrite) |
| `--network none` | Disable network (if no network permission) |
| `--memory 512m` | Limit memory usage |
| `--cpus 1` | Limit CPU usage |
| `--pids-limit 100` | Limit number of processes |
| `--tmpfs /tmp:size=64m` | Temporary writable space |
| `USER openclaw` | Run as non-root user |

## Rules

1. Always default to the most restrictive profile
2. Never generate a sandbox with `--privileged` flag
3. Never mount the Docker socket (`/var/run/docker.sock`)
4. Never mount sensitive host directories (`~/.ssh`, `~/.aws`, `/etc`)
5. Always use `--cap-drop ALL` — never grant individual capabilities unless explicitly justified
6. Include resource limits to prevent DoS (memory, CPU, pids)
7. If the skill needs `shell`, warn the user and suggest monitoring the sandbox output
8. **Write generated files only to a dedicated output folder** (e.g., `.openclaw/sandbox/`) — never overwrite existing project files
9. **Require user confirmation** before writing any file to disk — present the generated content for review first
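As an added example (not part of the sandbox-guard skill or its repository), the permission-to-flag mapping from the Security Flags table and the checks behind rules 2 to 7, in Python: `sandbox_command` picks the most restrictive profile for a skill's permission set and refuses sensitive host mounts, and `audit_command` reviews an existing `docker run` argv before it is executed. It emits resource limits for every profile (rule 6), including Minimal, which the profile listing above leaves them out of; the function names and the forbidden-path list are this example's own assumptions.

```python
import os

KNOWN_PERMISSIONS = {"fileRead", "fileWrite", "network", "shell"}
# Rules 3 and 4: the Docker socket and sensitive host directories are never mounted.
FORBIDDEN_HOST_PATHS = ("/var/run/docker.sock", "/etc",
                        os.path.expanduser("~/.ssh"), os.path.expanduser("~/.aws"))


def _under(path: str, root: str) -> bool:  # path is root itself or lies beneath it
    path, root = os.path.abspath(path), os.path.abspath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def sandbox_command(permissions: set, host_dir: str, image: str = "openclaw-sandbox"):
    """Return (profile, docker run argv, warnings) for the most restrictive fitting profile."""
    if not permissions <= KNOWN_PERMISSIONS:
        raise ValueError(f"unknown permissions: {sorted(permissions - KNOWN_PERMISSIONS)}")
    if any(_under(host_dir, p) for p in FORBIDDEN_HOST_PATHS):
        raise ValueError(f"refusing to mount sensitive host path {host_dir!r}")
    argv = ["docker", "run", "--rm", "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
            "--memory", "512m", "--cpus", "1", "--pids-limit", "100"]  # rule 6: every profile
    if "network" in permissions:
        profile = "Network"
    else:
        argv += ["--network", "none"]
        profile = "Standard" if "fileWrite" in permissions else "Minimal"
    mount = f"{os.path.abspath(host_dir)}:/workspace"
    if "fileWrite" in permissions:
        argv += ["-v", mount]
    else:  # no fileWrite: read-only rootfs and project mount, scratch space only in tmpfs
        argv += ["--read-only", "--tmpfs", "/tmp:size=64m", "-v", mount + ":ro"]
    argv.append(image)
    warnings = ["skill requests shell: monitor the sandbox output (rule 7)"] if "shell" in permissions else []
    return profile, argv, warnings


def audit_command(argv: list) -> list:  # rules 2 to 5; returns violations (empty means clean)
    findings = []
    if "--privileged" in argv:
        findings.append("--privileged is forbidden (rule 2)")
    pairs = list(zip(argv, argv[1:]))  # (flag, value) view of the argv
    if "--cap-drop=ALL" not in argv and ("--cap-drop", "ALL") not in pairs:
        findings.append("missing --cap-drop ALL (rule 5)")
    for flag, value in pairs:
        if flag in ("-v", "--volume"):
            src = value.split(":", 1)[0]  # host side of host:container[:opts]
            if any(_under(src, p) for p in FORBIDDEN_HOST_PATHS):
                findings.append(f"mounts sensitive host path {src} (rules 3 and 4)")
    return findings
```

Running `audit_command` over the generated argv returns no findings, so the same check can gate a hand-edited command before rule 9's confirmation step.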