melodic-software/gemini-sandbox-configuration
plugins/google-ecosystem/skills/gemini-sandbox-configuration/SKILL.md
Central authority for Gemini CLI sandboxing and isolation. Covers Docker, Podman, macOS Seatbelt profiles, and security boundaries. Use when enabling sandboxing, choosing sandbox methods, configuring Seatbelt profiles, or troubleshooting sandbox issues. Delegates 100% to gemini-cli-docs for official documentation.
$ install --global
skillsauthnpx skillsauth add melodic-software/claude-code-plugins gemini-sandbox-configurationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:49 AM10.9s1 file scanned
SKILL.md
- name:
- gemini-sandbox-configuration
- description:
- Central authority for Gemini CLI sandboxing and isolation. Covers Docker, Podman, macOS Seatbelt profiles, and security boundaries. Use when enabling sandboxing, choosing sandbox methods, configuring Seatbelt profiles, or troubleshooting sandbox issues. Delegates 100% to gemini-cli-docs for official documentation.
- argument-hint:
- <command>
- allowed-tools:
- Read, Glob, Grep, Bash, Skill
Gemini Sandbox Configuration
MANDATORY: Invoke gemini-cli-docs First
STOP - Before providing ANY response about Gemini sandboxing:
- INVOKE
gemini-cli-docsskill- QUERY for the specific sandbox topic
- BASE responses EXCLUSIVELY on official documentation loaded
Overview
Meta-skill for configuring Gemini CLI's sandbox isolation. Sandboxing isolates potentially dangerous operations from your host system.
When to Use This Skill
Keywords: sandbox, docker, podman, seatbelt, isolation, container, safe execution, -s flag, GEMINI_SANDBOX
Use this skill when:
- Enabling sandboxing for the first time
- Choosing between sandbox methods
- Configuring Seatbelt profiles (macOS)
- Troubleshooting sandbox issues
- Understanding security boundaries
Sandbox Methods
| Method | Platform | Isolation | | --- | --- | --- | | Docker | All | Full container | | Podman | All | Rootless container | | Seatbelt | macOS | Process sandbox |
Configuration
Enable via Command Flag
gemini -s -p "command"
Enable via Environment
export GEMINI_SANDBOX=true
gemini "command"
# Or specify method
export GEMINI_SANDBOX=docker
export GEMINI_SANDBOX=podman
export GEMINI_SANDBOX=sandbox-exec
Enable via Settings
Add to settings.json:
{
"tools": {
"sandbox": true
}
}
Or specify method:
{
"tools": {
"sandbox": "docker"
}
}
Seatbelt Profiles (macOS)
Set via SEATBELT_PROFILE environment variable:
| Profile | Writes | Network |
| --- | --- | --- |
| permissive-open (default) | Restricted | Allowed |
| permissive-closed | Restricted | Blocked |
| permissive-proxied | Restricted | Via proxy |
| restrictive-open | Strict | Allowed |
| restrictive-closed | Strict | Blocked |
Custom Sandbox Flags
For container-based sandboxing, inject custom flags:
export SANDBOX_FLAGS="--security-opt label=disable"
Keyword Registry (Delegates to gemini-cli-docs)
| Topic | Query Keywords |
| --- | --- |
| Enable | enable sandbox, -s flag, GEMINI_SANDBOX |
| Docker | docker sandbox, container isolation |
| Podman | podman sandbox, rootless container |
| Seatbelt | seatbelt profiles, sandbox-exec macos |
| Custom flags | SANDBOX_FLAGS, custom docker flags |
| Troubleshooting | sandbox troubleshooting, operation not permitted |
Quick Decision Tree
What do you want to do?
- Enable sandbox quickly -> Use
-sflag - Make it persistent -> Add to settings.json
- Use Docker -> Set
GEMINI_SANDBOX=docker - Use stricter macOS -> Set
SEATBELT_PROFILE=restrictive-closed - Debug issues -> Use
DEBUG=1 gemini -s
Troubleshooting
| Error | Cause | Solution |
| --- | --- | --- |
| "Operation not permitted" | Sandbox restriction | Expected behavior |
| "Docker not found" | Docker not running | Start Docker daemon |
| Network blocked | Restrictive profile | Use permissive-open |
| Missing commands | Not in sandbox image | Add to custom Dockerfile |
Security Notes
- Sandboxing reduces but doesn't eliminate all risks
- Use most restrictive profile that allows your work
- GUI applications may not work in sandbox
- Container overhead is minimal after first build
Verification Checkpoint
- [ ] Did I invoke gemini-cli-docs skill?
- [ ] Did official documentation load?
- [ ] Is my response based EXCLUSIVELY on official docs?
Test Scenarios
Scenario 1: Enable Sandbox
Query: "How do I enable sandboxing in Gemini CLI?" Expected Behavior:
- Skill activates on "sandbox" keyword
- Delegates to gemini-cli-docs for configuration options Success Criteria: User receives -s flag and settings.json configuration
Scenario 2: macOS Seatbelt
Query: "How do I configure Seatbelt profiles for Gemini CLI?" Expected Behavior:
- Skill activates on "seatbelt" or "macos sandbox"
- Provides SEATBELT_PROFILE environment variable options Success Criteria: User receives profile comparison table
Scenario 3: Troubleshoot Sandbox
Query: "Getting 'operation not permitted' in Gemini sandbox" Expected Behavior:
- Skill activates on "sandbox troubleshooting" or "operation not permitted"
- Explains expected sandbox restrictions Success Criteria: User understands behavior is expected and gets workarounds
References
Query gemini-cli-docs for official documentation on:
- "sandbox"
- "seatbelt profiles"
- "docker sandbox"
User-Facing Interface
When invoked directly by the user, this skill executes a command in Gemini CLI's sandboxed environment.
Execution Workflow
- Parse Arguments - Extract the shell command from
$ARGUMENTS. If no command provided, ask the user what to execute in sandbox. - Validate Command - Ensure the command is non-empty and reasonable for sandboxed execution.
- Execute in Sandbox - Run the command using Gemini CLI's
-sflag for sandbox enforcement with appropriate sandbox type (Docker, Podman, or macOS Seatbelt). - Report Results - Present execution output including stdout, stderr, exit code, and observations about command behavior in the sandboxed environment.
Version History
- v1.1.0 (2025-12-01): Added Test Scenarios section
- v1.0.0 (2025-11-25): Initial release
Related Skills
melodic-software/milan-jovanovic-blog
development
VerifiedTrustedCommunity
Search Milan Jovanovic's .NET blog for Clean Architecture, DDD, CQRS, EF Core, and ASP.NET Core patterns. Use for finding applicable patterns, code examples, and architecture guidance. Invoke when working with .NET projects that could benefit from proven architectural patterns.
47SKILL.mdUpdated Apr 7, 2026
melodic-software/setup-dab
tools
VerifiedTrustedCommunity
Install and configure Data API Builder (DAB) for production SQL Server MCP access with RBAC
47SKILL.mdUpdated Apr 7, 2026
melodic-software/mssql
tools
VerifiedTrustedCommunity
Manage MssqlMcp servers - status, rebuild, and upstream updates
47SKILL.mdUpdated Apr 7, 2026
melodic-software/onboarding
tools
VerifiedTrustedCommunity
Developer environment setup guides for Windows, macOS, Linux, and WSL. Use when setting up development machines, installing tools, configuring environments, or following platform-specific setup guides. Covers package management, shell/terminal, code editors, AI tooling, containerization, databases, and more.
47SKILL.mdUpdated Apr 7, 2026