shreed27/sandbox
CloddsBot-main/src/skills/bundled/sandbox/SKILL.md
Safe code execution in Docker containers with resource limits
development
Updated Apr 22, 2026
$ install --global
skillsauthnpx skillsauth add shreed27/dain sandboxInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 6:35 AM114.8s2 files scanned
SKILL.md
- name:
- sandbox
- description:
- Safe code execution in Docker containers with resource limits
- emoji:
- 📦
Sandbox - Complete API Reference
Execute code safely in isolated Docker containers with resource limits and timeout protection.
Chat Commands
Run Code
/run python "print('Hello')" Run Python code
/run node "console.log('Hi')" Run JavaScript
/run bash "ls -la" Run shell command
/run ruby "puts 'Hello'" Run Ruby code
With Options
/run python "code" --timeout 30 Set timeout (seconds)
/run node "code" --memory 512 Memory limit (MB)
/run python "code" --file script.py From file
Sandbox Management
/sandbox status Container status
/sandbox images Available images
/sandbox cleanup Remove old containers
TypeScript API Reference
Create Sandbox
import { createSandbox } from 'clodds/sandbox';
const sandbox = createSandbox({
// Docker settings
dockerHost: process.env.DOCKER_HOST,
// Default limits
defaultTimeoutMs: 30000,
defaultMemoryMB: 256,
defaultCpuShares: 512,
// Cleanup
autoCleanup: true,
maxContainerAgeMs: 3600000,
});
Run Code
// Run Python
const result = await sandbox.run({
language: 'python',
code: `
import math
print(f"Pi is {math.pi}")
`,
});
console.log(`Output: ${result.stdout}`);
console.log(`Exit code: ${result.exitCode}`);
console.log(`Duration: ${result.durationMs}ms`);
// Run with limits
const result = await sandbox.run({
language: 'node',
code: `console.log('Hello from Node.js')`,
timeout: 10000,
memoryMB: 128,
});
Supported Languages
// Python
await sandbox.run({ language: 'python', code: 'print("Hello")' });
// JavaScript (Node.js)
await sandbox.run({ language: 'node', code: 'console.log("Hello")' });
// Bash
await sandbox.run({ language: 'bash', code: 'echo "Hello"' });
// Ruby
await sandbox.run({ language: 'ruby', code: 'puts "Hello"' });
// Go
await sandbox.run({ language: 'go', code: 'package main\nimport "fmt"\nfunc main() { fmt.Println("Hello") }' });
Run From File
const result = await sandbox.runFile({
language: 'python',
filePath: '/path/to/script.py',
args: ['--input', 'data.csv'],
});
Install Packages
// Python packages
const result = await sandbox.run({
language: 'python',
code: `
import pandas as pd
print(pd.__version__)
`,
packages: ['pandas', 'numpy'],
});
// Node packages
const result = await sandbox.run({
language: 'node',
code: `
const _ = require('lodash');
console.log(_.VERSION);
`,
packages: ['lodash'],
});
Resource Limits
const result = await sandbox.run({
language: 'python',
code: 'import time; time.sleep(100)',
// Limits
timeout: 5000, // 5 second timeout
memoryMB: 256, // 256 MB RAM
cpuShares: 512, // CPU shares (default 1024)
networkDisabled: true, // No network access
});
Container Management
// Get status
const status = await sandbox.getStatus();
console.log(`Running containers: ${status.running}`);
console.log(`Total containers: ${status.total}`);
// List available images
const images = await sandbox.listImages();
for (const img of images) {
console.log(`${img.language}: ${img.image}`);
}
// Cleanup old containers
await sandbox.cleanup({
olderThan: '1h',
status: 'exited',
});
Language Images
| Language | Image | Version | |----------|-------|---------| | python | python:3.11-slim | 3.11 | | node | node:20-slim | 20.x | | bash | alpine:latest | Alpine | | ruby | ruby:3.2-slim | 3.2 | | go | golang:1.21-alpine | 1.21 |
Resource Limits
| Resource | Default | Max | |----------|---------|-----| | Timeout | 30s | 300s | | Memory | 256 MB | 2048 MB | | CPU | 512 shares | 2048 shares | | Disk | 100 MB | 1 GB |
Security
| Feature | Description | |---------|-------------| | Isolation | Each run in separate container | | No network | Network disabled by default | | No volumes | No host filesystem access | | Read-only | Filesystem is read-only | | Resource caps | Memory and CPU limits | | Timeout | Force kill after timeout |
Use Cases
Run Backtest
const result = await sandbox.run({
language: 'python',
code: backtestCode,
packages: ['pandas', 'numpy', 'ta'],
timeout: 60000,
memoryMB: 512,
});
Data Processing
const result = await sandbox.run({
language: 'python',
code: `
import json
data = ${JSON.stringify(inputData)}
result = process(data)
print(json.dumps(result))
`,
});
const output = JSON.parse(result.stdout);
Best Practices
- Set timeouts — Prevent runaway code
- Limit memory — Avoid OOM
- Disable network — Unless needed
- Use slim images — Faster startup
- Cleanup regularly — Remove old containers
Related Skills
shreed27/weather
data-ai
VerifiedTrustedCommunity
Weather betting - NOAA data for Polymarket weather markets
SKILL.mdUpdated Apr 22, 2026
shreed27/voice
tools
VerifiedTrustedCommunity
Voice recognition, wake words, and voice-controlled trading
SKILL.mdUpdated Apr 22, 2026
shreed27/virtuals
data-ai
VerifiedTrustedCommunity
Virtuals Protocol AI Agent marketplace (Base chain)
SKILL.mdUpdated Apr 22, 2026
shreed27/verify
testing
VerifiedTrustedCommunity
Verify agent identity using ERC-8004 on-chain registry
SKILL.mdUpdated Apr 22, 2026