ai-agent-workspace

Provides a persistent workspace for AI agents with a filesystem, processes, and networking capabilities on a lightweight OS.

Security score: 60/100

The ai-agent-workspace skill was audited on Jun 24, 2026 and we found 4 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high, line 161: Direct command execution function call

Source: SKILL.md, line 161
C->>A: exec("echo hello | tr a-z A-Z")

high, line 164: Direct command execution function call

Source: SKILL.md, line 164
C->>A: spawn("node", ["/tmp/server.mjs"])

medium, line 270: Webhook reference - potential data exfiltration

Source: SKILL.md, line 270
- [Webhooks](reference/agent-os/webhooks.md)

medium, line 95: Access to .env file

Source: SKILL.md, line 95
1. `createSession("pi", { env: { ANTHROPIC_API_KEY } })` returns a `sessionId`. The VM does not inherit the host `process.env`, so API keys are passed explicitly per session or kept server-side throug
Scanned on Jun 24, 2026
GitHub Stars 17
Category: development
Updated: June 24, 2026
rivet-dev/skills