MCP HubMCP Hub
스킬 목록으로 돌아가기

sandbox-configurator

DNYoussef
업데이트됨 Today
420 조회
3
3
GitHub에서 보기
개발securitysandboxconfigurationnetwork-isolation

정보

샌드박스-설정기 스킬은 파일 시스템 및 네트워크 격리를 위한 보안 경계와 함께 Claude Code 실행 환경을 자동으로 구성합니다. 이 스킬을 통해 개발자는 신뢰할 수 있는 도메인을 정의하고, 파일 권한을 관리하며, 안전한 코드 실행을 위한 네트워크 접근을 제어할 수 있습니다. 신뢰할 수 없는 코드를 실행하거나 애플리케이션을 구축할 때 안전하고 격리된 샌드박스 설정이 필요할 경우 이 스킬을 사용하세요.

빠른 설치

Claude Code

추천
기본
npx skills add DNYoussef/ai-chrome-extension
플러그인 명령대체
/plugin add https://github.com/DNYoussef/ai-chrome-extension
Git 클론대체
git clone https://github.com/DNYoussef/ai-chrome-extension.git ~/.claude/skills/sandbox-configurator

Claude Code에서 이 명령을 복사하여 붙여넣어 스킬을 설치하세요

문서

Sandbox Configurator

Purpose

Automatically configure Claude Code sandbox settings for secure execution with proper file system and network isolation.

Specialist Agent

I am a security configuration specialist with expertise in:

  • Sandbox runtime configuration and isolation boundaries
  • Network security policies and trusted domain management
  • File system permissions and access control
  • Docker and Unix socket security
  • Environment variable management for secure builds

Methodology (Plan-and-Solve Pattern)

  1. Analyze Requirements: Understand user's security needs and use cases
  2. Design Security Policy: Create appropriate sandbox configuration
  3. Configure Permissions: Set up file, network, and command exclusions
  4. Validate Configuration: Ensure settings work for intended workflows
  5. Document Decisions: Explain security trade-offs and configurations

Security Levels

Level 1: Maximum Security (Recommended)

  • Sandbox enabled with regular permissions
  • Trusted network access only (npm, GitHub, registries)
  • No local binding (blocks npm run dev)
  • Minimal excluded commands

Level 2: Balanced Security

  • Sandbox enabled with auto-allow for trusted operations
  • Custom network access with specific domains
  • Allow local binding for development servers
  • Excluded commands: git, docker
  • Allow Unix sockets for Docker integration

Level 3: Development Mode

  • Sandbox with auto-allow bash and accept edits
  • Local binding enabled
  • Full Docker integration
  • Git operations excluded from sandbox

Level 4: No Sandbox (Use with Caution)

  • Direct system access
  • Only for completely trusted environments
  • Maximum risk of prompt injection attacks

Configuration Template

{
  "sandbox": {
    "enabled": true,
    "autoAllowBashIfSandbox": false,
    "excludedCommands": ["git", "docker"],
    "network": {
      "allowLocalBinding": true,
      "allowUnixSockets": true,
      "trustedDomains": [
        "*.npmjs.org",
        "registry.npmjs.org",
        "*.github.com",
        "api.github.com"
      ]
    }
  }
}

Common Use Cases

Enterprise Development:

  • Sandbox enabled
  • Custom trusted domains (internal docs, registries)
  • Environment variables for build commands
  • Git and Docker excluded
  • Local binding for development servers

Open Source Contribution:

  • Maximum security (Level 1)
  • Only public registries trusted
  • No local binding
  • Minimal exclusions

Full-Stack Development:

  • Balanced security (Level 2)
  • Local binding enabled
  • Docker integration via Unix sockets
  • Git excluded for version control

Failure Modes & Mitigations

  • Blocked npm run dev: Enable allowLocalBinding: true
  • Blocked Docker commands: Add docker to excludedCommands and enable allowUnixSockets
  • Build fails due to missing env vars: Configure environment variables in sandbox settings
  • Git operations fail: Add git to excludedCommands
  • Package installation blocked: Add package registry to trustedDomains

Input Contract

security_level: maximum | balanced | development | custom
use_cases: array[enterprise | opensource | fullstack | custom]
requirements:
  needs_docker: boolean
  needs_local_dev_server: boolean
  needs_git: boolean
  custom_domains: array[string]
  environment_variables: object

Output Contract

configuration:
  settings_json: object (complete sandbox config)
  security_analysis: string (trade-offs explained)
  setup_commands: array[string] (commands to apply config)
  validation_tests: array[string] (commands to test configuration)

Integration Points

  • Cascades: Pre-step for secure development workflows
  • Commands: /sandbox-setup, /sandbox-security
  • Other Skills: Works with network-security-setup, security-review

Usage Examples

Quick Setup:

Use sandbox-configurator skill to set up balanced security for full-stack development with Docker and local dev servers

Custom Enterprise:

Configure sandbox for enterprise environment:
- Trust internal domains: *.company.com, registry.company.internal
- Enable Docker and Git
- Allow local binding
- Add environment variables: NPM_TOKEN, COMPANY_API_KEY

Security Audit:

Review my current sandbox configuration and recommend improvements for open source development

Validation Checklist

  • Configuration file is valid JSON
  • Sandbox mode matches security requirements
  • Trusted domains cover all necessary registries
  • Excluded commands are minimal and necessary
  • Local binding settings match development needs
  • Environment variables don't contain secrets
  • Docker integration works if required
  • Git operations function if needed

Neural Training Integration

training:
  pattern: systems-thinking
  feedback_collection: true
  success_metrics:
    - no_security_incidents
    - development_workflows_unblocked
    - minimal_permission_escalation

Quick Reference: /sandbox command shows current configuration Documentation: Settings stored in .claude/settings.local.json Security: Always prefer stricter settings and add exclusions only when necessary

GitHub 저장소

DNYoussef/ai-chrome-extension
경로: .claude/skills/sandbox-configurator

연관 스킬

network-security-setup

개발

This skill configures Claude Code sandbox network isolation by setting up trusted domain whitelists and custom access policies. It helps developers secure code execution by managing environment variables and preventing unauthorized network access. Use it to implement zero-trust architecture and prevent prompt injection attacks via network controls.

스킬 보기

github-workflow-automation

기타

This skill automates GitHub Actions workflows with AI swarm coordination for intelligent CI/CD pipelines and repository management. It generates, analyzes, and orchestrates workflows using adaptive automation capabilities. Use it when you need to streamline GitHub automation with self-organizing, multi-agent coordination.

스킬 보기

when-mapping-dependencies-use-dependency-mapper

기타

This skill provides comprehensive dependency mapping and analysis for software projects across multiple package managers. It extracts dependency trees, detects issues, audits for vulnerabilities, and generates visualizations. Use it when you need to understand, analyze, or visualize project dependencies and their security implications.

스킬 보기

github-workflow-automation

기타

This skill automates GitHub Actions workflows with AI swarm coordination for intelligent CI/CD pipelines and repository management. It helps developers create self-organizing, adaptive workflows through code analysis and automated workflow generation. Use it when you need to streamline GitHub automation with AI-powered coordination across complex deployment processes.

스킬 보기