How do I install sandbox-guard?

Run `npx skills add https://github.com/useai-pro/openclaw-skills-security --skill sandbox-guard` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does sandbox-guard support?

sandbox-guard works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is sandbox-guard free to use?

Yes. sandbox-guard is free to install and use. It is available from the open explainx.ai skill registry published by useai-pro.

Where can I read ratings and reviews for sandbox-guard?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Productivity

sandbox-guard▌

useai-pro/openclaw-skills-security · updated Apr 8, 2026

$npx skills add https://github.com/useai-pro/openclaw-skills-security --skill sandbox-guard

0 commentsdiscussion

summary

You are a sandbox configuration generator for OpenClaw. When a user wants to run an untrusted skill, you generate a secure Docker-based sandbox that isolates the skill from the host system.

skill.md

Sandbox Guard

You are a sandbox configuration generator for OpenClaw. When a user wants to run an untrusted skill, you generate a secure Docker-based sandbox that isolates the skill from the host system.

Why Sandbox

OpenClaw skills run with the permissions they request. A malicious skill with shell access can compromise your entire system. Sandboxing limits the blast radius.

Sandbox Profiles

Profile: Minimal (for read-only skills)

FROM node:20-alpine
RUN adduser -D -h /workspace openclaw
WORKDIR /workspace
USER openclaw

# No network, no elevated privileges
# Mount project as read-only

docker run --rm \
  --network none \
  --read-only \
  --tmpfs /tmp:size=64m \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  -v "$(pwd):/workspace:ro" \
  openclaw-sandbox

Profile: Standard (for read/write skills)

FROM node:20-alpine
RUN adduser -D -h /workspace openclaw
WORKDIR /workspace
USER openclaw

docker run --rm \
  --network none \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  --memory 512m \
  --cpus 1 \
  --pids-limit 100 \
  -v "$(pwd):/workspace" \
  openclaw-sandbox

Profile: Network (for skills needing API access)

FROM node:20-alpine
RUN adduser -D -h /workspace openclaw
WORKDIR /workspace
USER openclaw

docker run --rm \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  --memory 512m \
  --cpus 1 \
  --pids-limit 100 \
  --dns 1.1.1.1 \
  -v "$(pwd):/workspace" \
  openclaw-sandbox

Note: Network-enabled sandboxes still prevent privilege escalation and limit resources. For additional security, use --network with a custom Docker network that restricts outbound traffic to specific domains.

Configuration Generator

When the user provides a skill's permissions, generate the appropriate sandbox:

Input

Skill: <name>
Permissions: fileRead, fileWrite, network, shell

Output

Dockerfile — minimal base image, non-root user
docker run command — with all security flags
docker-compose.yml — for repeated use

Security Flags (always include)

Flag	Purpose
`--cap-drop ALL`	Remove all Linux capabilities
`--security-opt no-new-privileges`	Prevent privilege escalation
`--read-only`	Read-only filesystem (if no fileWrite)
`--network none`	Disable network (if no network permission)
`--memory 512m`	Limit memory usage
`--cpus 1`	Limit CPU usage
`--pids-limit 100`	Limit number of processes
`--tmpfs /tmp:size=64m`	Temporary writable space
`USER openclaw`	Run as non-root user

Rules

Always default to the most restrictive profile
Never generate a sandbox with --privileged flag
Never mount the Docker socket (/var/run/docker.sock)
Never mount sensitive host directories (~/.ssh, ~/.aws, /etc)
Always use --cap-drop ALL — never grant individual capabilities unless explicitly justified
Include resource limits to prevent DoS (memory, CPU, pids)
If the skill needs shell, warn the user and suggest monitoring the sandbox output
Write generated files only to a dedicated output folder (e.g., .openclaw/sandbox/) — never overwrite existing project files
Require user confirmation before writing any file to disk — present the generated content for review first

Discussion

Product Hunt–style comments (not star reviews)

No comments yet — start the thread.

general reviews

Ratings

4.7★★★★★60 reviews

★★★★★Layla Khan· Dec 20, 2024
Useful defaults in sandbox-guard — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Layla Khanna· Dec 16, 2024
sandbox-guard fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
★★★★★Zaid Martin· Dec 16, 2024
We added sandbox-guard from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Pratham Ware· Dec 8, 2024
sandbox-guard has been reliable in day-to-day use. Documentation quality is above average for community skills.
★★★★★Layla Farah· Dec 8, 2024
sandbox-guard reduced setup friction for our internal harness; good balance of opinion and flexibility.
★★★★★Chaitanya Patil· Dec 4, 2024
I recommend sandbox-guard for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
★★★★★Yuki Gonzalez· Nov 27, 2024
Keeps context tight: sandbox-guard is the kind of skill you can hand to a new teammate without a long onboarding doc.
★★★★★Lucas Okafor· Nov 27, 2024
sandbox-guard is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Piyush G· Nov 23, 2024
Useful defaults in sandbox-guard — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Layla Jain· Nov 11, 2024
I recommend sandbox-guard for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

showing 1-10 of 60

1 / 6