-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
en use computer
Computer Use controls whether an Agent can execute code, access files, run Shell commands.
In WebUI, open:
Config -> General Config -> Use Computer Capabilities
The key option is Computer Use Runtime:
-
none: disables Computer Use; Shell, Python, filesystem, and related tools are not mounted. -
local: executes on the host machine where AstrBot is running. Use this when the Agent needs local files, command-line tools, or local dependencies. -
sandbox: executes inside an isolated sandbox. Use this when you want to reduce host risk or provide automation capabilities to multiple users.
If you are not sure which mode to choose, prefer sandbox. Use local only when direct host access is required.
local mode mounts Computer Use tools into the host environment where AstrBot runs. The Agent can call the host Shell, host Python, and host filesystem tools.
This means the Agent's boundary is close to the AstrBot process itself. What it can access depends on the system permissions, runtime user, working directory, and operating-system restrictions of the AstrBot process.
In local mode, AstrBot prepares a workspace for each session:
data/workspaces/{normalized_umo}
{normalized_umo} is derived from the current session's unified_msg_origin; characters unsuitable for filenames are replaced with _.
Relative paths passed to local filesystem tools are resolved under this workspace. For example:
notes/todo.txt
is resolved as:
data/workspaces/{normalized_umo}/notes/todo.txt
The local Shell tool also runs with this workspace as its current working directory.
Note
The local Python tool executes code through AstrBot's current Python environment. When Python code reads or writes files, use explicit absolute paths or prepare files through filesystem tools in the workspace first.
local mode mainly provides:
-
Shell: executes host shell commands. Windows followscmd.exesemantics; Linux/macOS follow Unix-like shell semantics. -
Python: executes Python code in AstrBot's current Python environment. -
File read: reads text, image, spreadsheet, and other supported files. -
File write: writes UTF-8 text files; relative paths default to the current workspace. -
File edit: replaces exact text in files. -
Grep search: searches file contents through ripgrep.
local mode does not mount sandbox upload/download tools, and it does not provide browser automation. Browser automation belongs to the sandbox runtime and requires a sandbox profile with the browser capability.
The local Shell tool includes basic blocking for dangerous commands such as rm -rf, sudo, shutdown, reboot, and kill -9. This is not a complete security sandbox and should not be treated as one.
Computer Use has a separate option:
Require AstrBot admin permission
This option is enabled by default.
When enabled:
- Admin users can use Shell, Python, file read, file write, file edit, and Grep search in
localmode. - Non-admin users cannot use Shell or Python.
- Non-admin users can only use file read, write, edit, and search inside restricted directories.
Allowed directories for non-admin users in local mode include:
data/skills- Current session's
data/workspaces/{normalized_umo} - AstrBot temporary directories
-
.astrbotunder the system temporary directory
If Require AstrBot admin permission is disabled, regular users behave much closer to admins for Computer Use tools. Do not disable it unless you understand the risk.
Admin IDs can be configured in:
Config -> Other Config -> Admin ID
Users can get their own ID with /sid.
sandbox mode runs execution actions inside an isolated environment instead of directly on the AstrBot host.
Inside the sandbox, the Agent can still use Shell, Python, and filesystem tools. If the selected sandbox profile supports the browser capability, AstrBot also mounts browser automation tools.
With Shipyard Neo, the sandbox workspace root is usually:
/workspace
Filesystem tools should usually receive relative paths, for example:
result.txt
instead of:
/workspace/result.txt
For sandbox deployment, profiles, TTL, persistence, and browser capabilities, see Agent Sandbox Environment.
Note
Even in sandbox mode, Require AstrBot admin permission still affects access to Shell, Python, browser, upload/download, and related tools. The exact behavior depends on your configuration.
Skills are reusable instruction bundles for Agents. They are usually stored under data/skills, and each Skill contains a SKILL.md.
The relationship between Skills and Computer Use is:
- Skills tell the Agent what to do.
- Computer Use decides whether the Agent can execute those steps.
For example, a Skill may ask the Agent to read files, run scripts, and generate a report. If Computer Use Runtime is none, the Agent may see the Skill instructions, but it cannot call Shell or Python to execute them.
In local mode, the Agent reads local Skills.
In sandbox mode, AstrBot attempts to sync local Skills into the sandbox so the Agent can execute them there.
For more details, see Anthropic Skills.
- 首页
- 文档入口
- Top Level
- community events
- deploy
- dev
- others
- platform
- 接入 OneBot v11 协议实现
- 接入钉钉 DingTalk
- 接入 Discord
- 接入 Kook
- 接入飞书
- 接入 LINE
- 接入 Matrix
- 接入 Mattermost
- 接入 Misskey 平台
- 接入 QQ 官方机器人平台
- 通过 QQ官方机器人 接入 QQ (Webhook)
- 通过 QQ官方机器人 接入 QQ (Websockets)
- 接入 Satori 协议
- 接入 server-satori (基于 Koishi)
- 接入 Slack
- 接入消息平台
- 接入 Telegram
- 接入 VoceChat
- AstrBot 接入企业微信
- 接入企业微信智能机器人平台
- AstrBot 接入微信公众平台
- 接入个人微信
- providers
- use
- Home
- Docs Entry
- Top Level
- config
- deploy
- Deploy AstrBot on 1Panel
- Deploy AstrBot on BT Panel
- Deploy AstrBot on CasaOS
- Deploy AstrBot from Source Code
- Community-Provided Deployment Methods
- Deploy via Compshare
- Deploy AstrBot with Docker
- Deploy AstrBot with Kubernetes
- Deploy AstrBot with AstrBot Launcher
- Other Deployments
- Package Manager Deployment (uv)
- Installation via System Package Manager
- Preface
- dev
- ospp
- others
- platform
- Connect OneBot v11 Protocol Implementations
- Connect to DingTalk
- Connecting to Discord
- Connect to KOOK
- Connecting to Lark
- Connecting to LINE
- Connecting to Matrix
- Connecting to Mattermost
- Connecting to Misskey Platform
- Connect QQ Official Bot
- Connect QQ via QQ Official Bot (Webhook)
- Connect QQ via QQ Official Bot (Websockets)
- Connect to Satori Protocol
- Connect server-satori (Koishi)
- Connecting to Slack
- Messaging Platforms
- Connecting to Telegram
- Connect to VoceChat
- Connect AstrBot to WeCom
- Connect to WeCom AI Bot Platform
- Connect AstrBot to WeChat Official Account Platform
- Connect Personal WeChat
- providers
- 接入 302.AI
- Agent Runners
- Built-in Agent Runner
- Connect to Coze
- Connect to Alibaba Cloud Bailian Application
- Connect to DeerFlow
- Connect to Dify
- Connect AIHubMix
- coze
- dashscope
- dify
- 大语言模型提供商
- NewAPI
- 接入 PPIO 派欧云
- 接入 LM Studio 使用 DeepSeek-R1 等模型
- Integrating Ollama
- Connecting to SiliconFlow
- Connecting Model Services
- Connecting to TokenPony
- use
- Agent Runner
- Agent Sandbox Environment ⛵️
- astrbot sandbox
- Docker-based Code Interpreter
- Built-in Commands
- Computer Use
- Context Compression
- Custom Rules
- Function Calling
- AstrBot Knowledge Base
- MCP
- AstrBot Star
- Proactive Capabilities
- Anthropic Skills
- Agent Handoff and SubAgent
- Unified Webhook Mode
- Web Search
- WebUI