Run cross-platform remote validation with Crabbox and report the actual provider ID.
This skill appears to be prompt-only, with no declared secrets or fixed remote endpoints; combined with its open-source GitHub origin and extremely strong community adoption, the overall risk is low. The main caveat is that the README discusses usage with AWS/Blacksmith-backed remote environments, so if a real wrapper/backend is later connected, network egress and remote execution boundaries should be reviewed separately.
The material and system checks both indicate no required keys or environment variables. No API tokens, cloud credentials, or other sensitive authentication inputs are requested, so credential exposure is low in the current form.
The README repeatedly mentions remote validation and backends such as AWS Crabbox, Blacksmith Testbox, and Azure, indicating a design context involving remote interaction. However, this audited skill is marked prompt-only and declares no specific hosts, so the current material does not show that the skill itself directly sends user data outward.
As a prompt-only skill, it does not itself show actual permission to launch local processes, execute scripts, or invoke system capabilities. The command examples in the README describe potential use of an external wrapper, not execution authority granted to this skill.
No interface permissions are declared for reading or writing local files, repository contents, system directories, or other data resources. Although the README mentions sync, logs/results, and cache inspection, there is no evidence that the current prompt-only form can directly access user data.
The source is an open-source GitHub repository with auditable code and extremely high community adoption (about 377k stars), both strong risk-reducing signals. The missing license declaration and unknown maintenance status are caveats, but not enough to raise this to high risk on the current evidence.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "crabbox" skill from askskill: 1. Download https://raw.githubusercontent.com/openclaw/openclaw/main/.agents/skills/crabbox/SKILL.md 2. Save it as ~/.claude/skills/crabbox/SKILL.md 3. Reload skills and tell me it's ready
Use crabbox to run the same remote validation task on Linux, macOS, Windows, and WSL2. Output the validation result, actual provider, and id for each platform, then summarize them in a comparison table.
A platform-by-platform validation table showing pass/fail status, actual provider, and instance ID.
Run a remote validation through crabbox that includes delegated Blacksmith Testbox proof. State whether validation passed and clearly report the actual provider, id, and proof-related details.
A validation report confirming whether the proof worked, including provider, id, and key verification details.
I suspect the same task validates differently across systems. Use crabbox to run it on Linux and Windows, compare the differences, and report the actual provider and id for each run.
A difference analysis showing whether the two systems match, along with each run’s provider and id.
Use the Crabbox wrapper when OpenClaw needs remote Linux proof for broad tests, CI-parity checks, secrets, hosted services, Docker/E2E/package lanes, warmed reusable boxes, sync timing, logs/results, cache inspection, or lease cleanup.
Crabbox is the transport/orchestration surface. The actual backend can be:
provider=aws, lease ids like
cbx_..., syncDelegated=falseprovider=blacksmith-testbox, ids like tbx_..., syncDelegated=trueFor OpenClaw maintainer broad pnpm gates, Blacksmith Testbox through the
Crabbox wrapper is acceptable and often preferred when the standing Testbox
rules apply. Do not describe those runs as "AWS Crabbox"; report them as
Testbox-through-Crabbox with the tbx_... id and Actions run.
Use the repo .crabbox.yaml brokered AWS path when the task specifically needs
direct AWS Crabbox behavior, persistent direct-provider leases, --fresh-pr,
--full-resync, environment forwarding, capture/download support, or provider
comparison. Use --provider blacksmith-testbox when the task needs OpenClaw
maintainer Testbox proof, prepared CI environment, broad/heavy pnpm gates, or
the user asks for Testbox/Blacksmith.
command -v crabbox
../crabbox/bin/crabbox --version
pnpm crabbox:run -- --help | sed -n '1,120p'
../crabbox/bin/crabbox desktop launch --help
../crabbox/bin/crabbox webvnc --help
../crabbox/bin/crabbox when present. The user PATH
shim can be stale..crabbox.yaml for direct-provider defaults. Omitting --provider
means brokered AWS for normal Linux/macOS paths; the wrapper selects Azure
for unqualified Windows/WSL2 runs when the local Crabbox binary advertises
Azure.eu-west-1; the repo
config pins hot eu-west-1a/b/c placement so Fast Snapshot Restore can apply.
If warmup drifts well past the minute-scale path, verify image promotion,
region/AZ placement, and FSR state before blaming OpenClaw.pnpm gates, prefer the repo wrapper with
--provider blacksmith-testbox or the repo Testbox helpers when the standing
Testbox policy applies.cbx_... means AWS Crabbox;
tbx_... means Blacksmith Testbox through Crabbox. If the output only says
blacksmith testbox list, use blacksmith testbox list --all before
concluding no box exists.--full-resync
(alias --fresh-sync) before replacing the lease. This resets the remote
workdir, skips the fingerprint fast path, reseeds Git when possible, and
uploads the checkout from scratch.OPENCLAW_LOCAL_CHECK_MODE=throttled from the local shell is not permission
to move broad pnpm check:changed, pnpm test:changed, full pnpm test, or
lint/typecheck fan-out onto the laptop.OPENCLAW_LOCAL_CHECK_MODE=throttled|full when the user explicitly
asks for local proof in the current task. If Testbox is queued or capacity is
constrained, report the blocker and keep only targeted local edit-loop checks
running.…
Fetch GitHub issues, create fixes, open PRs, and handle reviews.
Convert text to speech locally and offline with sherpa-onnx, no cloud needed.
Regenerate OpenClaw release changelog sections from Git history before releases.
Prepare and verify OpenClaw stable or beta releases and release notes.
Automate web page workflows, login checks, tab handling, and recovery steps.
Verify an OpenClaw release is fully published and working across all channels.
Run cross-platform OpenClaw remote validation with provider and lease reporting.
Run remote code validation, PR checks, and secure scripted workflows.
Reproduce and record real Telegram interactions on Crabbox for behavior proof.
Choose and run the safest, cheapest OpenClaw test and validation path.
Diagnose OpenClaw issues by choosing logs, probes, and proof paths first.
Run Kova/OpenClaw validation, benchmarks, release gates, and performance reports.