Skill

sandbox-security

Daytona sandbox security. Use for token handling, credential security, full paths in SSH.

npx claudepluginhub spences10/ralph-town --plugin ralph-town

Popularity

Parent stars

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/ralph-town:sandbox-security

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

SSH sessions have broken PATH. ALWAYS use full paths:

Supporting Files

references/security-details.md

SKILL.md

70 lines · ~459 tokens

Similar Skills

varlock-claude-skill

37.9k

Provides secure environment variable management to prevent secrets exposure in Claude sessions, terminals, logs, or git commits.

antigravity-awesome-skills

sandbox-configuration

Guides Claude Code sandbox configuration for filesystem/network isolation, OS enforcement (bubblewrap/Seatbelt), proxies, escape hatches, and troubleshooting via docs-management delegation.

4 tools

claude-ecosystem

Cloudflare Sandboxes SDK

149

Enables secure execution of untrusted Python/Node.js code, git operations, and scripts in persistent Linux containers on Cloudflare edge using Workers SDK.

16 files

cloudflare-sandbox

Stats

LanguageTypeScript

Parent stars2

MaintenanceGood

Last CommitJan 31, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Sandbox Security

Full Paths Required

SSH sessions have broken PATH. ALWAYS use full paths:

Tool

Path

git

/usr/bin/git

/usr/bin/gh

bun

/root/.bun/bin/bun

ls/cat/echo

/bin/ls, /bin/cat, /bin/echo

Token Handling

NEVER embed tokens in URLs - they leak to process list, logs, errors.

# BAD - token visible in ps, logs, error messages /usr/bin/git clone https://$GH_TOKEN@github.com/owner/repo.git # GOOD - use credential helper /usr/bin/git config --global credential.helper store /bin/echo "https://oauth2:$GH_TOKEN@github.com" > ~/.git-credentials /bin/chmod 600 ~/.git-credentials /usr/bin/git clone https://github.com/owner/repo.git

Env Var Visibility

Env vars via --env are visible to ALL processes in sandbox:

env command lists everything

/proc/*/environ exposes all process env vars

Any script/binary can read $GH_TOKEN

Mitigations:

Only pass credentials the sandbox legitimately needs

Use short-lived, minimally-scoped tokens

Delete sandbox promptly after use

SSH Credential Setup

Team-lead configures credentials BEFORE spawning teammate:

# $GH_TOKEN expands LOCALLY (double quotes!) ssh <token>@ssh.app.daytona.io " /usr/bin/git config --global credential.helper store && /bin/echo 'https://oauth2:$GH_TOKEN@github.com' > ~/.git-credentials && /bin/chmod 600 ~/.git-credentials "

Reference Files