sandwrapRun untrusted skills safely with soft-sandbox protection. Wraps skills in multi-layer prompt-based defense (~85% attack prevention). Use when: (1) Running third-party skills from unknown sources, (2) Processing untrusted content that might contain prompt injection, (3) Analyzing suspicious files or URLs safely, (4) Testing new skills before trusting them. Supports manual mode ('run X in sandwrap') and auto-wrap for risky skills.
Install via ClawdBot CLI:
clawdbot install RubenAQuispe/sandwrapWrap untrusted skills in soft protection. Five defense layers working together block ~85% of attacks. Not a real sandbox (that would need a VM) β this is prompt-based protection that wraps around skills like a safety layer.
Manual mode:
Run [skill-name] in sandwrap [preset]Auto mode: Configure skills to always run wrapped, or let the system detect risky skills automatically.
| Preset | Allowed | Blocked | Use For |
|--------|---------|---------|---------|
| read-only | Read files | Write, exec, message, web | Analyzing code/docs |
| web-only | web_search, web_fetch | Local files, exec, message | Web research |
| audit | Read, write to sandbox-output/ | Exec, message | Security audits |
| full-isolate | Nothing (reasoning only) | All tools | Maximum security |
Each session gets a random 128-bit token. Untrusted content wrapped in unpredictable delimiters that attackers cannot guess.
Four privilege levels enforced:
Only preset-allowed tools available. Violations logged. Three denied attempts = abort session.
Sensitive actions require confirmation. Injection warning signs shown to approver.
Before acting on results, check for:
Configure in sandbox-config.json:
{
"always_sandbox": ["audit-website", "untrusted-skill"],
"auto_sandbox_risky": true,
"risk_threshold": 6,
"default_preset": "read-only"
}When a skill triggers auto-sandbox:
[!] skill-name requests exec access
Auto-sandboxing with "audit" preset
[Allow full access] [Continue sandboxed] [Cancel]Attacks that get detected and blocked:
Generated Mar 1, 2026
Developers can safely test new or untrusted AI skills from external sources before integrating them into production systems. Sandwrap's soft-sandbox protection helps identify potential prompt injection or malicious behavior without risking the main environment, making it ideal for vetting community-contributed skills.
Security analysts use Sandwrap to inspect suspicious URLs or files from the web in a controlled manner. By applying the web-only or audit presets, it prevents unauthorized local access while allowing safe web research, helping detect threats like phishing links or malware without exposing internal systems.
Teams in IT or finance employ Sandwrap to analyze untrusted code or documents for security vulnerabilities. The read-only preset restricts write and execution capabilities, enabling safe examination of external scripts or reports for malicious patterns, such as data exfiltration attempts, in a low-risk setting.
Educators and students in tech training programs use Sandwrap to practice building and testing AI skills in a protected environment. It allows experimentation with risky operations, like file writes in the audit preset, while blocking harmful actions, fostering learning without compromising system integrity.
Offer Sandwrap as a cloud service with tiered subscriptions for individuals, teams, and enterprises. Revenue comes from monthly or annual fees based on usage limits, preset access, and support levels, targeting developers and security firms needing ongoing protection for skill deployment.
Sell perpetual licenses or annual contracts to large organizations for on-premises or private cloud deployment. This model includes customization, priority updates, and dedicated support, generating high-value revenue from sectors like finance or healthcare with strict compliance needs.
Provide a free version with basic presets and limited usage to attract users, then monetize through premium upgrades for advanced features like auto-sandbox mode, detailed analytics, and higher attack prevention rates. Revenue streams include in-app purchases or upgrade fees from power users and small businesses.
π¬ Integration Tip
Start by configuring auto-sandbox mode for risky skills in sandbox-config.json to automate protection without manual intervention, ensuring seamless integration into existing workflows.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.