Configures Gemini CLI sandbox isolation using Docker, Podman, or macOS Seatbelt profiles. Enables via flags, env vars, or settings; selects methods and troubleshoots issues.
```shell
npx claudepluginhub melodic-software/claude-code-plugins --plugin google-ecosystem
```

This skill is limited to using the following tools:
> **STOP - Before providing ANY response about Gemini sandboxing:**
>
> - INVOKE the `gemini-cli-docs` skill
> - QUERY for the specific sandbox topic
> - BASE responses EXCLUSIVELY on official documentation loaded
Meta-skill for configuring Gemini CLI's sandbox isolation. Sandboxing isolates potentially dangerous operations from your host system.
Keywords: sandbox, docker, podman, seatbelt, isolation, container, safe execution, -s flag, GEMINI_SANDBOX
Use this skill when:
| Method | Platform | Isolation |
|---|---|---|
| Docker | All | Full container |
| Podman | All | Rootless container |
| Seatbelt | macOS | Process sandbox |
```shell
gemini -s -p "command"
```

```shell
export GEMINI_SANDBOX=true
gemini "command"

# Or specify the method
export GEMINI_SANDBOX=docker
export GEMINI_SANDBOX=podman
export GEMINI_SANDBOX=sandbox-exec
```
Add to settings.json:

```json
{
  "tools": {
    "sandbox": true
  }
}
```

Or specify the method:

```json
{
  "tools": {
    "sandbox": "docker"
  }
}
```
Set via the `SEATBELT_PROFILE` environment variable:

| Profile | Writes | Network |
|---|---|---|
| permissive-open (default) | Restricted | Allowed |
| permissive-closed | Restricted | Blocked |
| permissive-proxied | Restricted | Via proxy |
| restrictive-open | Strict | Allowed |
| restrictive-closed | Strict | Blocked |
For container-based sandboxing, inject custom flags:

```shell
export SANDBOX_FLAGS="--security-opt label=disable"
```
| Topic | Query Keywords |
|---|---|
| Enable | enable sandbox, -s flag, GEMINI_SANDBOX |
| Docker | docker sandbox, container isolation |
| Podman | podman sandbox, rootless container |
| Seatbelt | seatbelt profiles, sandbox-exec macos |
| Custom flags | SANDBOX_FLAGS, custom docker flags |
| Troubleshooting | sandbox troubleshooting, operation not permitted |
What do you want to do?

- `-s` flag
- `GEMINI_SANDBOX=docker`
- `SEATBELT_PROFILE=restrictive-closed`
- `DEBUG=1 gemini -s`

| Error | Cause | Solution |
|---|---|---|
| "Operation not permitted" | Sandbox restriction | Expected behavior |
| "Docker not found" | Docker not running | Start Docker daemon |
| Network blocked | Restrictive profile | Use permissive-open |
| Missing commands | Not in sandbox image | Add to custom Dockerfile |
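As an added example (not part of this skill or of Gemini CLI), a POSIX shell pre-flight that validates the sandbox settings above before `gemini -s` is launched, catching the "Docker not found" and unknown-profile cases from the table early. The function names are ours; the `GEMINI_SANDBOX` values, Seatbelt profile names and the binary each method needs are taken from this page, and treating an unset `GEMINI_SANDBOX` as `true` (auto-select) is our assumption.

```shell
#!/bin/sh
# Added pre-flight check (ours, not the skill's): verify the configured
# sandbox method can actually run on this host before invoking gemini -s.

# Map a GEMINI_SANDBOX value to the host binary it needs. Prints the binary
# name ("" for auto-select) or returns 1 for a value the page does not list.
sandbox_binary_for() {
  case "$1" in
    docker)       echo docker ;;
    podman)       echo podman ;;
    sandbox-exec) echo sandbox-exec ;;   # macOS Seatbelt
    true)         echo "" ;;             # let Gemini CLI pick the method
    *)            return 1 ;;
  esac
}

# Accept only the five Seatbelt profiles from the table above.
validate_seatbelt_profile() {
  case "$1" in
    permissive-open|permissive-closed|permissive-proxied|restrictive-open|restrictive-closed)
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# Returns 0 if the environment can run the configured sandbox, 1 otherwise
# (reason on stderr). Assumption: unset GEMINI_SANDBOX behaves like "true".
gemini_sandbox_preflight() {
  method="${GEMINI_SANDBOX:-true}"
  bin=$(sandbox_binary_for "$method") || {
    echo "unknown GEMINI_SANDBOX value: $method" >&2; return 1; }
  if [ -n "$bin" ] && ! command -v "$bin" >/dev/null 2>&1; then
    # The "Docker not found" row of the troubleshooting table.
    echo "$bin not found on PATH; install or start it before sandboxing" >&2
    return 1
  fi
  if [ "$method" = sandbox-exec ] && [ -n "${SEATBELT_PROFILE:-}" ]; then
    validate_seatbelt_profile "$SEATBELT_PROFILE" || {
      echo "unknown SEATBELT_PROFILE: $SEATBELT_PROFILE" >&2; return 1; }
  fi
  return 0
}

# Usage: gemini_sandbox_preflight && gemini -s -p "command"
```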
Query: "How do I enable sandboxing in Gemini CLI?" Expected Behavior:
Query: "How do I configure Seatbelt profiles for Gemini CLI?" Expected Behavior:
Query: "Getting 'operation not permitted' in Gemini sandbox" Expected Behavior:
Query gemini-cli-docs for official documentation on:
When invoked directly by the user, this skill executes a command in Gemini CLI's sandboxed environment.
`$ARGUMENTS`. If no command is provided, ask the user what to execute in the sandbox.

- `-s` flag for sandbox enforcement with the appropriate sandbox type (Docker, Podman, or macOS Seatbelt).