Learn-skills.dev security-sandbox
Secure command execution with allowlists and validation hooks. Use when validating bash commands, configuring security policies, implementing pre-tool-use hooks, or sandboxing autonomous agent operations.
install
source · Clone the upstream repo
git clone https://github.com/NeverSight/learn-skills.dev
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/NeverSight/learn-skills.dev "$T" && mkdir -p ~/.claude/skills && cp -r "$T/data/skills-md/adaptationio/skrillz/security-sandbox" ~/.claude/skills/neversight-learn-skills-dev-security-sandbox && rm -rf "$T"
manifest:
data/skills-md/adaptationio/skrillz/security-sandbox/SKILL.mdsource content
Security Sandbox
Provides defense-in-depth security for autonomous coding operations through command validation, allowlists, and execution hooks.
Quick Start
Validate a Command
from scripts.command_validator import validate_command result = validate_command("npm install express") if result.allowed: # Safe to execute pass else: print(f"Blocked: {result.reason}")
Use Security Hook
from scripts.security_manager import create_bash_security_hook hook = create_bash_security_hook() # Hook returns decision for Claude SDK decision = await hook({ "tool_input": {"command": "rm -rf /"} }) # decision = {"decision": "block", "reason": "Command 'rm' requires approval"}
Configure Allowlist
from scripts.allowlist import Allowlist allowlist = Allowlist() allowlist.add("docker") allowlist.add("kubectl") allowlist.remove("rm") # Disallow rm
Security Model
┌─────────────────────────────────────────────────────────────┐ │ DEFENSE IN DEPTH │ ├─────────────────────────────────────────────────────────────┤ │ │ │ LAYER 1: SANDBOX │ │ ├─ OS-level isolation │ │ ├─ Filesystem restrictions │ │ └─ Network limitations │ │ │ │ LAYER 2: PERMISSIONS │ │ ├─ Tool allowlist (Read, Write, Bash...) │ │ ├─ Path restrictions (./**) │ │ └─ Operation limits │ │ │ │ LAYER 3: COMMAND VALIDATION │ │ ├─ Command extraction & parsing │ │ ├─ Allowlist checking │ │ └─ Dangerous pattern detection │ │ │ │ LAYER 4: HOOKS │ │ ├─ PreToolUse validation │ │ ├─ Real-time blocking │ │ └─ Audit logging │ │ │ └─────────────────────────────────────────────────────────────┘
Default Allowlist
ALLOWED_COMMANDS = { # File inspection "ls", "cat", "head", "tail", "wc", "grep", "find", # File operations "cp", "mkdir", "chmod", "touch", # Node.js "npm", "node", "npx", "yarn", "pnpm", # Python "python", "python3", "pip", "pip3", "poetry", # Version control "git", # Process management "ps", "lsof", "sleep", "pkill", "kill", # System info "pwd", "whoami", "uname", "which", "env", # Network (limited) "curl", "wget", }
Dangerous Patterns
These patterns are always blocked:
| Pattern | Risk | Example |
|---|---|---|
| System destruction | Wipes filesystem |
| Disk corruption | Overwrites disk |
| Security hole | World-writable |
| Code injection | Remote execution |
| Fork bomb | DoS attack |
| Disk fill | Resource exhaustion |
Hook Integration
# For Claude SDK integration from scripts.security_manager import SecurityManager manager = SecurityManager() # Configure SDK with hooks sdk_options = { "hooks": { "PreToolUse": [manager.pre_tool_hook] } }
Integration Points
- autonomous-session-manager: Provides security during sessions
- coding-agent: Uses hooks for safe command execution
- autonomous-loop: Ensures safety in continuous operation
References
- Full allowlist documentationreferences/ALLOWED-COMMANDS.md
- Security architecturereferences/SECURITY-MODEL.md
- Custom rule configurationreferences/CUSTOM-RULES.md
Scripts
- Core security managerscripts/security_manager.py
- Command validationscripts/command_validator.py
- Allowlist managementscripts/allowlist.py
- Sandbox configurationscripts/sandbox_config.py