by Th0rgal
Safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks.
# Add to your Claude Code skills
git clone https://github.com/Th0rgal/sandboxed.shLast scanned: 5/20/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-20T07:43:56.641Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}sandboxed.sh is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by Th0rgal. Safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks. It has 467 GitHub stars.
Yes. sandboxed.sh passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/Th0rgal/sandboxed.sh" and add it to your Claude Code skills directory (see the Installation section above).
sandboxed.sh is primarily written in Rust. It is open-source under Th0rgal on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh sandboxed.sh against similar tools.
No comments yet. Be the first to share your thoughts!
What if you could:
Hand off entire dev cycles. Point an agent at a GitHub issue, let it write code, test by launching desktop applications, and open a PR when tests pass. You review the diff, not the process.
Run multi-day operations unattended. Give an agent SSH access to your home GPU through a VPN. It reads Nvidia docs, sets up training, fine-tunes models while you sleep.
Keep sensitive data local. Analyze your sequenced DNA against scientific literature. Local inference, isolated containers, nothing leaves your machines.
/v1/chat/completions when all routed providers are temporarily rate-limitedsandboxed.sh orchestrates multiple AI coding agent runtimes:
.claude/skills/)Each runtime executes inside isolated workspaces, so bash commands and file operations are scoped correctly. sandboxed.sh handles orchestration, workspace isolation, and Library-based configuration management.
| Docker (recommended) | Native (bare metal) | |
|---|---|---|
| Best for | Getting started, macOS users, quick deployment | Production servers, maximum performance |
| Platform | Any OS with Docker | Ubuntu 24.04 LTS |
| Setup time | ~5 minutes | ~30 minutes |
| Container workspaces | Yes (with privileged: true) |
Yes (native systemd-nspawn) |
| Desktop automation | Yes (headless Xvfb inside Docker) | Yes (native X11 or Xvfb) |
| Performance | Good (slight overhead on macOS) | Best (native Linux) |
| Updates | docker compose pull / rebuild |
Git pull + cargo build, or one-click from dashboard |
git clone https://github.com/Th0rgal/sandboxed.sh.git
cd sandboxed.sh
cp .env.example .env
# Edit .env with your settings
docker compose up -d
Open http://localhost:3000 — that's it.
For container workspace isolation (recommended), uncomment privileged: true in
docker-compose.yml.
For production servers running Ubuntu 24.04 with maximum performance and native systemd-nspawn isolation.
→ Full native installation guide
After installation, follow the Getting Started Guide for:
Point your coding agent at the installation guide and let it handle the deployment:
"Deploy Sandboxed.sh on my server at
1.2.3.4with domainagent.example.com"
Enable pre-push formatting checks to catch CI failures locally:
git config core.hooksPath .githooks
This runs cargo fmt --check before each push. If formatting issues are found,
run cargo fmt --all to fix them.
Work in Progress — This project is under active development. Contributions and feedback welcome.
MIT