From ralph-town
Daytona sandbox security. Use for token handling, credential security, full paths in SSH.
npx claudepluginhub spences10/ralph-town --plugin ralph-townThis skill uses the workspace's default tool permissions.
SSH sessions have broken PATH. ALWAYS use full paths:
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
SSH sessions have broken PATH. ALWAYS use full paths:
| Tool | Path |
|---|---|
| git | /usr/bin/git |
| gh | /usr/bin/gh |
| bun | /root/.bun/bin/bun |
| ls/cat/echo | /bin/ls, /bin/cat, /bin/echo |
NEVER embed tokens in URLs - they leak to process list, logs, errors.
# BAD - token visible in ps, logs, error messages
/usr/bin/git clone https://$GH_TOKEN@github.com/owner/repo.git
# GOOD - use credential helper
/usr/bin/git config --global credential.helper store
/bin/echo "https://oauth2:$GH_TOKEN@github.com" > ~/.git-credentials
/bin/chmod 600 ~/.git-credentials
/usr/bin/git clone https://github.com/owner/repo.git
Env vars via --env are visible to ALL processes in sandbox:
env command lists everything/proc/*/environ exposes all process env vars$GH_TOKENMitigations:
Team-lead configures credentials BEFORE spawning teammate:
# $GH_TOKEN expands LOCALLY (double quotes!)
ssh <token>@ssh.app.daytona.io "
/usr/bin/git config --global credential.helper store &&
/bin/echo 'https://oauth2:$GH_TOKEN@github.com' > ~/.git-credentials &&
/bin/chmod 600 ~/.git-credentials
"