ddalcu/sandbox
templates/skills/sandbox/SKILL.md
Execute JavaScript, shell commands, fetch web content, and control a browser
$ install --global
skillsauthnpx skillsauth add ddalcu/agent-orcha sandboxInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 7:50 AM7.0s1 file scanned
SKILL.md
- name:
- sandbox
- description:
- Execute JavaScript, shell commands, fetch web content, and control a browser
- sandbox:
- true
Sandbox Tools
sandbox_exec
Run JavaScript in isolated VM. Use console.log() for output, return for result. No fetch/require — use sandbox_web_fetch for HTTP.
sandbox_shell
Run shell commands in /tmp with limited permissions (Docker only).
sandbox_web_fetch
Fetch web pages (auto-converted to markdown) or APIs (raw: true).
sandbox_web_search
Search DuckDuckGo. Params: query, num_results.
Browser Tools
Observe → Act → Observe loop. Elements have short refs (e1, e2...) — use them in click/type.
| Tool | Use |
|------|-----|
| sandbox_browser_observe | Text snapshot with element refs. Primary verification tool. |
| sandbox_browser_navigate | Go to URL, wait for ready, return snapshot |
| sandbox_browser_click | Click by ref ("e3") or text ("Submit") |
| sandbox_browser_type | Type by ref ("e5"), dispatches input/change events |
| sandbox_browser_content | Page as markdown (optional selector) |
| sandbox_browser_evaluate | Run JS, reports side effects |
| sandbox_browser_screenshot | PNG screenshot (expensive, last resort) |
Best Practices
- Use
sandbox_web_fetchfor HTTP — notfetchin sandbox_exec - Use observe to verify page state — not screenshots
- Use refs from observe output in click/type — don't guess selectors
- Check
sideEffectsin evaluate results
Related Skills
ddalcu/test-skill
testing
VerifiedTrustedCommunity
A test skill for unit testing
11SKILL.mdUpdated Apr 4, 2026
ddalcu/sandbox-skill
databases
VerifiedTrustedCommunity
A skill that requires sandbox
11SKILL.mdUpdated Apr 4, 2026
ddalcu/web-pilot
tools
VerifiedTrustedCommunity
Browser automation — observe-act loop with refs
11SKILL.mdUpdated Apr 4, 2026
ddalcu/pii-guard
testing
VerifiedTrustedCommunity
PII and OWASP security filtering rules
11SKILL.mdUpdated Apr 4, 2026