MCP HubMCP Hub
Volver a habilidades

sandbox-configurator

DNYoussef
Actualizado Today
411 vistas
3
3
Ver en GitHub
Desarrollosecuritysandboxconfigurationnetwork-isolation

Acerca de

La habilidad sandbox-configurator configura automáticamente el entorno de ejecución de Claude Code con límites de seguridad para el aislamiento del sistema de archivos y de red. Permite a los desarrolladores definir dominios confiables, gestionar permisos de archivos y controlar el acceso a la red para una ejecución segura de código. Utilice esta habilidad cuando necesite configurar un entorno aislado y seguro (sandbox) para ejecutar código no confiable o construir aplicaciones.

Instalación rápida

Claude Code

Recomendado
Principal
npx skills add DNYoussef/ai-chrome-extension
Comando PluginAlternativo
/plugin add https://github.com/DNYoussef/ai-chrome-extension
Git CloneAlternativo
git clone https://github.com/DNYoussef/ai-chrome-extension.git ~/.claude/skills/sandbox-configurator

Copia y pega este comando en Claude Code para instalar esta habilidad

Documentación

Sandbox Configurator

Purpose

Automatically configure Claude Code sandbox settings for secure execution with proper file system and network isolation.

Specialist Agent

I am a security configuration specialist with expertise in:

  • Sandbox runtime configuration and isolation boundaries
  • Network security policies and trusted domain management
  • File system permissions and access control
  • Docker and Unix socket security
  • Environment variable management for secure builds

Methodology (Plan-and-Solve Pattern)

  1. Analyze Requirements: Understand user's security needs and use cases
  2. Design Security Policy: Create appropriate sandbox configuration
  3. Configure Permissions: Set up file, network, and command exclusions
  4. Validate Configuration: Ensure settings work for intended workflows
  5. Document Decisions: Explain security trade-offs and configurations

Security Levels

Level 1: Maximum Security (Recommended)

  • Sandbox enabled with regular permissions
  • Trusted network access only (npm, GitHub, registries)
  • No local binding (blocks npm run dev)
  • Minimal excluded commands

Level 2: Balanced Security

  • Sandbox enabled with auto-allow for trusted operations
  • Custom network access with specific domains
  • Allow local binding for development servers
  • Excluded commands: git, docker
  • Allow Unix sockets for Docker integration

Level 3: Development Mode

  • Sandbox with auto-allow bash and accept edits
  • Local binding enabled
  • Full Docker integration
  • Git operations excluded from sandbox

Level 4: No Sandbox (Use with Caution)

  • Direct system access
  • Only for completely trusted environments
  • Maximum risk of prompt injection attacks

Configuration Template

{
  "sandbox": {
    "enabled": true,
    "autoAllowBashIfSandbox": false,
    "excludedCommands": ["git", "docker"],
    "network": {
      "allowLocalBinding": true,
      "allowUnixSockets": true,
      "trustedDomains": [
        "*.npmjs.org",
        "registry.npmjs.org",
        "*.github.com",
        "api.github.com"
      ]
    }
  }
}

Common Use Cases

Enterprise Development:

  • Sandbox enabled
  • Custom trusted domains (internal docs, registries)
  • Environment variables for build commands
  • Git and Docker excluded
  • Local binding for development servers

Open Source Contribution:

  • Maximum security (Level 1)
  • Only public registries trusted
  • No local binding
  • Minimal exclusions

Full-Stack Development:

  • Balanced security (Level 2)
  • Local binding enabled
  • Docker integration via Unix sockets
  • Git excluded for version control

Failure Modes & Mitigations

  • Blocked npm run dev: Enable allowLocalBinding: true
  • Blocked Docker commands: Add docker to excludedCommands and enable allowUnixSockets
  • Build fails due to missing env vars: Configure environment variables in sandbox settings
  • Git operations fail: Add git to excludedCommands
  • Package installation blocked: Add package registry to trustedDomains

Input Contract

security_level: maximum | balanced | development | custom
use_cases: array[enterprise | opensource | fullstack | custom]
requirements:
  needs_docker: boolean
  needs_local_dev_server: boolean
  needs_git: boolean
  custom_domains: array[string]
  environment_variables: object

Output Contract

configuration:
  settings_json: object (complete sandbox config)
  security_analysis: string (trade-offs explained)
  setup_commands: array[string] (commands to apply config)
  validation_tests: array[string] (commands to test configuration)

Integration Points

  • Cascades: Pre-step for secure development workflows
  • Commands: /sandbox-setup, /sandbox-security
  • Other Skills: Works with network-security-setup, security-review

Usage Examples

Quick Setup:

Use sandbox-configurator skill to set up balanced security for full-stack development with Docker and local dev servers

Custom Enterprise:

Configure sandbox for enterprise environment:
- Trust internal domains: *.company.com, registry.company.internal
- Enable Docker and Git
- Allow local binding
- Add environment variables: NPM_TOKEN, COMPANY_API_KEY

Security Audit:

Review my current sandbox configuration and recommend improvements for open source development

Validation Checklist

  • Configuration file is valid JSON
  • Sandbox mode matches security requirements
  • Trusted domains cover all necessary registries
  • Excluded commands are minimal and necessary
  • Local binding settings match development needs
  • Environment variables don't contain secrets
  • Docker integration works if required
  • Git operations function if needed

Neural Training Integration

training:
  pattern: systems-thinking
  feedback_collection: true
  success_metrics:
    - no_security_incidents
    - development_workflows_unblocked
    - minimal_permission_escalation

Quick Reference: /sandbox command shows current configuration Documentation: Settings stored in .claude/settings.local.json Security: Always prefer stricter settings and add exclusions only when necessary

Repositorio GitHub

DNYoussef/ai-chrome-extension
Ruta: .claude/skills/sandbox-configurator

Habilidades relacionadas

network-security-setup

Desarrollo

This skill configures Claude Code sandbox network isolation by setting up trusted domain whitelists and custom access policies. It helps developers secure code execution by managing environment variables and preventing unauthorized network access. Use it to implement zero-trust architecture and prevent prompt injection attacks via network controls.

Ver habilidad

github-workflow-automation

Otro

This skill automates GitHub Actions workflows with AI swarm coordination for intelligent CI/CD pipelines and repository management. It generates, analyzes, and orchestrates workflows using adaptive automation capabilities. Use it when you need to streamline GitHub automation with self-organizing, multi-agent coordination.

Ver habilidad

when-mapping-dependencies-use-dependency-mapper

Otro

This skill provides comprehensive dependency mapping and analysis for software projects across multiple package managers. It extracts dependency trees, detects issues, audits for vulnerabilities, and generates visualizations. Use it when you need to understand, analyze, or visualize project dependencies and their security implications.

Ver habilidad

github-workflow-automation

Otro

This skill automates GitHub Actions workflows with AI swarm coordination for intelligent CI/CD pipelines and repository management. It helps developers create self-organizing, adaptive workflows through code analysis and automated workflow generation. Use it when you need to streamline GitHub automation with AI-powered coordination across complex deployment processes.

Ver habilidad