Alfred OpenShell Sandbox OpenClaw Skill
Provides isolated sandboxes using NVIDIA OpenShell for secure code execution, security scans, debugging, and test running with resource and network restricti...
Installation
clawhub install alfred-openshell-sandbox
Requires npm i -g clawhub
25
Downloads
0
Stars
0
current installs
0 all-time
1
Versions
EU-Hosted Inference API Power your OpenClaw skills with
the best open-source models.
Drop-in OpenAI-compatible API. No data leaves Europe.
Explore Inference APIGLM
GLM 5
$1.00 / $3.20
per M tokens
Kimi
Kimi K2.5
$0.60 / $2.80
per M tokens
MiniMax
MiniMax M2.5
$0.30 / $1.20
per M tokens
Qwen
Qwen3.5 122B
$0.40 / $3.00
per M tokens
OpenShell Sandbox Skill
Secure execution environment for specialist agents using NVIDIA OpenShell.
Overview
OpenShell provides sandboxed containers with Landlock LSM + seccomp + network namespaces + L7 policy engine. Each specialist agent gets an isolated sandbox for safe code execution.
Sandboxes Available
| Sandbox | Agent | Purpose | Status |
|---|---|---|---|
coder-sandbox |
coder | Code execution, builds, tests | Ready |
security-sandbox |
security | Pentesting, security scans | Ready |
debug-sandbox |
debug | Bug reproduction, diagnosis | Ready |
test-sandbox |
qa-tester | Test execution | Ready |
CLI Reference
# List all sandboxes
openshell sandbox list
# Execute command in sandbox
openshell sandbox exec -n <sandbox-name> -- <command> [args...]
# Interactive shell
openshell sandbox connect -n <sandbox-name>
# Create new sandbox
openshell sandbox create --name <name>
# Delete sandbox
openshell sandbox delete <name>
# View logs
openshell logs -n <sandbox-name>
# Gateway status
openshell status
# Diagnose issues
openshell doctor checkAgent Integration
For Coder Agent
When executing code that could affect the host system:
# Instead of running locally:
python3 script.py
# Run in sandbox:
openshell sandbox exec -n coder-sandbox -- python3 /workspace/script.pyFor Security Agent
When running security tools or scans:
# Run nmap, nikto, etc. in isolated sandbox
openshell sandbox exec -n security-sandbox -- nmap -sV targetFor Debug Agent
When reproducing bugs or testing fixes:
openshell sandbox exec -n debug-sandbox -- node test.jsFor QA-Tester
When running test suites:
openshell sandbox exec -n test-sandbox -- pytest tests/File Transfer
To copy files between host and sandbox:
# Copy file INTO sandbox (via exec cat)
cat local_file.py | openshell sandbox exec -n coder-sandbox -- tee /workspace/local_file.py
# Copy file FROM sandbox
openshell sandbox exec -n coder-sandbox -- cat /workspace/result.txt > local_result.txtPolicies
Default policies apply L7 network restrictions. To view/modify:
openshell policy listResource Limits
- CPU: Shared with host (24GB RAM server)
- Network: Restricted by L7 policy (no outbound by default)
- Disk: Ephemeral (deleted with sandbox)
- Timeout: 30 min default per exec command
Troubleshooting
- Sandbox not found: Run
openshell sandbox listto check status - Gateway down: Run
openshell statusandopenshell doctor check - Permission denied: Sandboxes run as unprivileged user
- Network blocked: Default policy denies outbound; use
openshell policyto modify
Architecture
Host (Ubuntu ARM64)
└── OpenShell Gateway (Docker + k3s)
├── coder-sandbox (aarch64, Python 3.13, Node 22)
├── security-sandbox (aarch64)
├── debug-sandbox (aarch64)
└── test-sandbox (aarch64)Version
- OpenShell CLI: 0.0.35
- Base image: ghcr.io/nvidia/openshell-community/sandboxes/base:latest
- Platform: aarch64 (ARM64)
Statistics
Author
lJokerl
@lllljokerllll
Latest Changes
v1.0.0 · Apr 23, 2026
Initial: 4 sandboxes (coder, security, debug, qa-tester), CLI reference, agent integration guide
Quick Install
clawhub install alfred-openshell-sandbox Related Skills
Other popular skills you might find useful.
Made in Europe Chat with 100+ AI Models in one App.
Use Claude, ChatGPT, Gemini alongside with EU-Hosted Models like Deepseek, GLM-5, Kimi K2.5 and many more.
