ClawHub
Code Pluginsource linkedVerified

OpenShell Sandboxv2026.5.28

OpenClaw sandbox backend for the NVIDIA OpenShell CLI with mirrored local workspaces and SSH command execution.

@openclaw/openshell-sandbox·runtime openshell·by @openclaw
openclaw plugins install clawhub:@openclaw/openshell-sandbox
Latest release: v2026.5.28Download zip

Capabilities

Tags
executes-codeartifact:npm-packnpm-mirror:available
configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
openshell

Compatibility

Built With Open Claw Version
2026.5.28
Min Gateway Version
>=2026.5.12-beta.1
Plugin Api Range
>=2026.5.28
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The capabilities fit the stated ClawHub purpose: installing/updating/searching/publishing skills and packages, authenticating users, and running clearly labeled moderator workflows.
Instruction Scope
Some maintainer skills and moderator commands are high-impact, including review helpers and staff actions, but the instructions are visible, task-scoped, and generally require explicit targets, confirmations, or dry-run/apply choices.
Install Mechanism
The package uses normal CLI entrypoint wrappers and build/prepublish scripts; I did not find postinstall hooks, stealth startup behavior, or automatic persistence on install.
Credentials
Network calls to ClawHub/GitHub, local skill/package file reads, and selected writes are expected for this CLI. Users should note that sync/publish commands can upload local artifact contents or limited metadata when explicitly run.
Persistence & Privilege
The CLI can store a ClawHub API token in a local config file with restricted permissions and write .clawhub tracking files; moderator/admin effects remain user-commanded and server RBAC-gated.
Scan Findings in Context
[VirusTotal:clean] expected: VirusTotal reported no malicious or suspicious engines; this is supportive telemetry, not the sole basis for the verdict.
[SkillSpector:clean] expected: SkillSpector supplied no advisory issues, and artifact review did not uncover hidden or purpose-mismatched behavior.
[trusted-openclaw-publisher] expected: The trusted OpenClaw publisher context is consistent with the official ClawHub tooling reviewed here.
Assessment
Install only if you intend to use ClawHub/OpenClaw registry tooling. Review files before running publish or sync commands, keep API tokens protected, and treat moderator commands as privileged operations that should be run only by authorized staff with explicit targets and reasons.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/openclaw/openclaw
Commit
e93216080aa1
Tag
refs/heads/release/2026.5.28
Provenance
No
Scan status
clean

Tags

alpha
2026.5.19-alpha.1
beta
2026.6.1-beta.1
latest
2026.5.28

@openclaw/openshell-sandbox

Official NVIDIA OpenShell sandbox backend for OpenClaw.

This plugin lets OpenClaw use OpenShell-managed sandboxes with mirrored local workspaces and SSH command execution.

Install

openclaw plugins install @openclaw/openshell-sandbox

Restart the Gateway after installing or updating the plugin.

Configure

Use the OpenShell docs for credentials, workspace mirroring, runtime selection, and troubleshooting:

Package

  • Plugin id: openshell
  • Package: @openclaw/openshell-sandbox
  • Minimum OpenClaw host: 2026.5.12-beta.1