OpenSkillIndex← back to search
claude-codesecurity

Babysitter plugin-sandbox-setup

Configure plugin sandboxing with vm2 or isolated-vm for secure plugin execution.

install
source · Clone the upstream repo
git clone https://github.com/a5c-ai/babysitter
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/a5c-ai/babysitter "$T" && mkdir -p ~/.claude/skills && cp -r "$T/library/specializations/cli-mcp-development/skills/plugin-sandbox-setup" ~/.claude/skills/a5c-ai-babysitter-plugin-sandbox-setup && rm -rf "$T"
manifest: library/specializations/cli-mcp-development/skills/plugin-sandbox-setup/SKILL.md
tags
#sandboxing#secure-execution#vm2#isolated-vm#plugin-security
source content

Plugin Sandbox Setup

Configure plugin sandboxing for security.

Generated Patterns

import ivm from 'isolated-vm';

export async function runInSandbox(code: string, context: Record<string, unknown>) {
  const isolate = new ivm.Isolate({ memoryLimit: 128 });
  const vmContext = isolate.createContextSync();
  const jail = vmContext.global;

  for (const [key, value] of Object.entries(context)) {
    jail.setSync(key, new ivm.ExternalCopy(value).copyInto());
  }

  const script = isolate.compileScriptSync(code);
  const result = await script.run(vmContext, { timeout: 5000 });
  isolate.dispose();
  return result;
}

Target Processes

  • plugin-architecture-implementation
  • mcp-server-security-hardening