📦 Tcb Sandbox

v0.3.11

Operate remote TRW workspaces through @tcb-sandbox/cli (an HTTP/MCP client). The TRW npm package is not publicly published; the CLI embeds a production TRW build (`...

by @realalexandreai (RealAlexandreAI) · MIT-0
Last updated
2026/4/18
Security scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
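The binaries, environment variables and install content this skill declares are consistent with its stated purpose, but there are minor inconsistencies, and one instruction allows high-risk operations to proceed without interactive confirmation. Review it before installing.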
Assessment recommendations
This skill is largely coherent for managing remote TRW workspaces, but review a few things before installing:
- Confirm the npm package source and trustworthiness of @tcb-sandbox/cli (check the package registry owner, published tarball contents, and homepage). If the package is private or from an unknown publisher, prefer to vet it first or run the CLI locally.
- Avoid supplying broad credentials in TCB_SANDBOX_HEADERS_JSON unless you trust the endpoint; that env var is referenced in the docs b...
Detailed analysis
Purpose and capability
Name/description align with requirements: the skill manages TRW workspaces, declares the tcb-sandbox binary and session/endpoint env vars, and provides an npm install for @tcb-sandbox/cli which produces the expected binary. Requiring a session id and endpoint is proportionate for remote workspace operations.
Instruction scope
SKILL.md mostly confines actions to the remote TRW workspace and explicitly forbids reading arbitrary local credentials. However, it (a) references an optional TCB_SANDBOX_HEADERS_JSON environment variable not declared in requires.env, and (b) instructs the agent to proceed with high-risk destructive or PTY/bash operations after logging a notice without requiring an additional interactive confirmation, which enables autonomous destructive actions if the agent is invoked automatically.
Install mechanism
Install uses a published npm package (@tcb-sandbox/cli@0.3.9) which maps to the required binary — a reasonable mechanism. Minor mismatch: SKILL.md bootstrap suggests pnpm add -g while the install metadata lists a node/npm package; this is plausibly benign but inconsistent and worth confirming. No direct download URLs or archive extraction were present.
Credential requirements
Declared required env vars (TCB_SANDBOX_ENDPOINT, TCB_SANDBOX_SESSION_ID) are appropriate. But SKILL.md permits an extra TCB_SANDBOX_HEADERS_JSON for gateway headers (not declared in metadata) which could carry additional sensitive tokens/headers; that undocumented optional variable increases risk if populated. Primary credential being TCB_SANDBOX_SESSION_ID is reasonable.
Persistence and privileges
The skill does not request always:true, has no system config paths, and does not claim to modify other skills or global agent settings. It does allow autonomous invocation (platform default), which combined with the instruction to proceed after high-risk notices increases operational risk but is not a metadata privilege escalation by itself.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify and redistribute, with no attribution required.

Runtime dependencies

No special dependencies

Versions

latest · v0.3.11 · 2026/3/16

Upgraded the built-in CLI to 0.3.9; removed the outdated ERWA description; updated the referenced install version

Suspicious

Install command

Official: npx clawhub@latest install tcb-sandbox
Mirror (accelerated): npx clawhub@latest install tcb-sandbox --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库