OpenSkillIndex← back to search
claude-codesecurity

Claude-skill-registry codex-sandbox

Run code in Codex fully isolated sandbox - network disabled, CWD only, Seatbelt/Docker isolation

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/codex-sandbox" ~/.claude/skills/majiayu000-claude-skill-registry-codex-sandbox && rm -rf "$T"
manifest: skills/data/codex-sandbox/SKILL.md
tags
#code-execution#sandbox#security#isolation#devops#risk-mitigation
source content

Codex Sandbox Skill

LIBRARY-FIRST PROTOCOL (MANDATORY)

Before writing ANY code, you MUST check:

Step 1: Library Catalog

  • Location: 
    .claude/library/catalog.json
  • If match >70%: REUSE or ADAPT

Step 2: Patterns Guide

  • Location: 
    .claude/docs/inventories/LIBRARY-PATTERNS-GUIDE.md
  • If pattern exists: FOLLOW documented approach

Step 3: Existing Projects

  • Location: 
    D:\Projects\*
  • If found: EXTRACT and adapt

Decision Matrix

MatchAction
Library >90%REUSE directly
Library 70-90%ADAPT minimally
Pattern existsFOLLOW pattern
In projectEXTRACT
No matchBUILD (add to library after)

Purpose

Execute code in Codex's fully isolated sandbox environment for safe experimentation with untrusted or risky code.

Unique Capability

What Claude Can't Do: Claude runs in your environment. Codex sandbox provides:

  • Network DISABLED: No external connections
  • CWD only: Cannot access parent directories
  • OS-level isolation: macOS Seatbelt or Docker
  • Resource limits: CPU, memory constraints
  • Safe experimentation: Can't break your system

When to Use

Perfect For:

  • Running untrusted code safely
  • Risky refactoring experiments
  • Testing code with potential bugs
  • Isolated prototyping
  • Security research
  • Experimental dependencies

Don't Use When:

  • Need network access
  • Need to access files outside project
  • Production debugging

Usage

# Basic sandbox execution
/codex-sandbox "Refactor auth system and run tests"

# With iteration limit
/codex-sandbox "Fix all tests" --max-iterations 10

# Risky experiment
/codex-sandbox "Try experimental algorithm implementation"

CLI Command

codex --full-auto --sandbox true --network disabled "Your task"

# Via script
CODEX_MODE=sandbox bash scripts/multi-model/codex-yolo.sh "Task" "id" "." "10" "sandbox"

Isolation Layers

LayerProtection
NetworkDISABLED - no external connections
FilesystemCWD only - no parent access
OS-LevelSeatbelt (macOS) / Docker
ProcessSubprocess jail with limits
CommandsBlocked: rm -rf, sudo, etc.

Integration Pattern

// 1. Run risky refactoring in sandbox
const result = await codexSandbox("Refactor entire auth system");

// 2. If successful, apply to real codebase
if (result.tests_pass) {
  Task("Coder", "Apply sandboxed changes to main", "coder");
}

Memory Integration

  • Key: 
    multi-model/codex/sandbox/{session_id}
  • Contains: commands, files created/modified, test results