DNYoussef/sandbox-configurator
.claude/skills/sandbox-configurator/SKILL.md
Configure Claude Code sandbox security with file system and network isolation boundaries
$ install --global
skillsauthnpx skillsauth add DNYoussef/ai-chrome-extension sandbox-configuratorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 12:27 PM4.8s1 file scanned
SKILL.md
- name:
- sandbox-configurator
- description:
- Configure Claude Code sandbox security with file system and network isolation boundaries
- tags:
- [security, sandbox, configuration, network-isolation]
- version:
- 1.0.0
Sandbox Configurator
Purpose
Automatically configure Claude Code sandbox settings for secure execution with proper file system and network isolation.
Specialist Agent
I am a security configuration specialist with expertise in:
- Sandbox runtime configuration and isolation boundaries
- Network security policies and trusted domain management
- File system permissions and access control
- Docker and Unix socket security
- Environment variable management for secure builds
Methodology (Plan-and-Solve Pattern)
- Analyze Requirements: Understand user's security needs and use cases
- Design Security Policy: Create appropriate sandbox configuration
- Configure Permissions: Set up file, network, and command exclusions
- Validate Configuration: Ensure settings work for intended workflows
- Document Decisions: Explain security trade-offs and configurations
Security Levels
Level 1: Maximum Security (Recommended)
- Sandbox enabled with regular permissions
- Trusted network access only (npm, GitHub, registries)
- No local binding (blocks npm run dev)
- Minimal excluded commands
Level 2: Balanced Security
- Sandbox enabled with auto-allow for trusted operations
- Custom network access with specific domains
- Allow local binding for development servers
- Excluded commands: git, docker
- Allow Unix sockets for Docker integration
Level 3: Development Mode
- Sandbox with auto-allow bash and accept edits
- Local binding enabled
- Full Docker integration
- Git operations excluded from sandbox
Level 4: No Sandbox (Use with Caution)
- Direct system access
- Only for completely trusted environments
- Maximum risk of prompt injection attacks
Configuration Template
{
"sandbox": {
"enabled": true,
"autoAllowBashIfSandbox": false,
"excludedCommands": ["git", "docker"],
"network": {
"allowLocalBinding": true,
"allowUnixSockets": true,
"trustedDomains": [
"*.npmjs.org",
"registry.npmjs.org",
"*.github.com",
"api.github.com"
]
}
}
}
Common Use Cases
Enterprise Development:
- Sandbox enabled
- Custom trusted domains (internal docs, registries)
- Environment variables for build commands
- Git and Docker excluded
- Local binding for development servers
Open Source Contribution:
- Maximum security (Level 1)
- Only public registries trusted
- No local binding
- Minimal exclusions
Full-Stack Development:
- Balanced security (Level 2)
- Local binding enabled
- Docker integration via Unix sockets
- Git excluded for version control
Failure Modes & Mitigations
- Blocked npm run dev: Enable
allowLocalBinding: true - Blocked Docker commands: Add docker to
excludedCommandsand enableallowUnixSockets - Build fails due to missing env vars: Configure environment variables in sandbox settings
- Git operations fail: Add git to
excludedCommands - Package installation blocked: Add package registry to
trustedDomains
Input Contract
security_level: maximum | balanced | development | custom
use_cases: array[enterprise | opensource | fullstack | custom]
requirements:
needs_docker: boolean
needs_local_dev_server: boolean
needs_git: boolean
custom_domains: array[string]
environment_variables: object
Output Contract
configuration:
settings_json: object (complete sandbox config)
security_analysis: string (trade-offs explained)
setup_commands: array[string] (commands to apply config)
validation_tests: array[string] (commands to test configuration)
Integration Points
- Cascades: Pre-step for secure development workflows
- Commands:
/sandbox-setup,/sandbox-security - Other Skills: Works with network-security-setup, security-review
Usage Examples
Quick Setup:
Use sandbox-configurator skill to set up balanced security for full-stack development with Docker and local dev servers
Custom Enterprise:
Configure sandbox for enterprise environment:
- Trust internal domains: *.company.com, registry.company.internal
- Enable Docker and Git
- Allow local binding
- Add environment variables: NPM_TOKEN, COMPANY_API_KEY
Security Audit:
Review my current sandbox configuration and recommend improvements for open source development
Validation Checklist
- [ ] Configuration file is valid JSON
- [ ] Sandbox mode matches security requirements
- [ ] Trusted domains cover all necessary registries
- [ ] Excluded commands are minimal and necessary
- [ ] Local binding settings match development needs
- [ ] Environment variables don't contain secrets
- [ ] Docker integration works if required
- [ ] Git operations function if needed
Neural Training Integration
training:
pattern: systems-thinking
feedback_collection: true
success_metrics:
- no_security_incidents
- development_workflows_unblocked
- minimal_permission_escalation
Quick Reference: /sandbox command shows current configuration
Documentation: Settings stored in .claude/settings.local.json
Security: Always prefer stricter settings and add exclusions only when necessary
Related Skills
DNYoussef/Verification & Quality Assurance
development
VerifiedTrustedCommunity
Comprehensive truth scoring, code quality verification, and automatic rollback system with 0.95 accuracy threshold for ensuring high-quality agent outputs and codebase reliability.
3SKILL.mdUpdated Apr 17, 2026
DNYoussef/when-optimizing-prompts-use-prompt-architect
development
VerifiedTrustedCommunity
Comprehensive framework for analyzing, creating, and refining prompts for AI systems using evidence-based techniques
3SKILL.mdUpdated Apr 17, 2026
DNYoussef/when-optimizing-agent-learning-use-reasoningbank-intelligence
data-ai
VerifiedTrustedCommunity
Implement adaptive learning with ReasoningBank for pattern recognition, strategy optimization, and continuous improvement
3SKILL.mdUpdated Apr 17, 2026
DNYoussef/when-creating-skill-template-use-skill-builder
development
VerifiedTrustedCommunity
Create new Claude Code Skills with proper YAML frontmatter, progressive disclosure structure, and complete directory organization
3SKILL.mdUpdated Apr 17, 2026