How does the sandbox prevent dangerous commands?

It uses a multi-layered approach involving OS-level isolation, a strictly defined command allowlist, and regex-based pattern matching to block destructive shell commands like 'rm -rf /' before they execute.

Can I customize which commands are allowed?

Yes, you can configure the allowlist in the security-config.json file or programmatically add custom allowed commands to suit your specific project requirements.

What happens if a command is blocked?

When a command is blocked, the security hook prevents execution and returns a 'block' decision with a reason, which is then recorded in the security-audit.jsonl file for review.

Does this skill support network isolation?

Yes, the sandbox configuration includes settings for restricted network access, allowing you to permit only specific trusted domains like localhost or the Anthropic API while blocking others.

AC Security Sandbox

Name: AC Security Sandbox
Author: adaptationio

byadaptationio

Security & Testing

Protects autonomous coding environments by enforcing command allowlists, filesystem permissions, and execution sandboxing.

About

AC Security Sandbox provides a robust defense-in-depth architecture designed specifically for AI agents and autonomous coding workflows. It implements three layers of protection—OS-level isolation, granular filesystem access control, and a customizable command allowlist—to ensure that generated code or shell commands are executed safely without compromising the host system. By integrating pre-tool-use hooks to intercept dangerous patterns and maintaining a detailed audit log of all security decisions, this skill allows developers to deploy AI-driven automation with confidence and oversight.

Key Features

Customizable command allowlist with pre-approved patterns for dev tools like npm, git, and python
Real-time command validation hooks that intercept and block dangerous shell patterns
Comprehensive audit logging for tracking and reviewing all security-related execution events
Granular filesystem permissions to prevent unauthorized access to sensitive system paths
0 GitHub stars
Multi-layer security including OS-level isolation and restricted network access

Use Cases

Preventing accidental system damage or data leakage during automated code execution
Securing autonomous AI agents performing file modifications or terminal commands
Enforcing project-specific security boundaries in collaborative or automated environments

About

Key Features

Customizable command allowlist with pre-approved patterns for dev tools like npm, git, and python
Real-time command validation hooks that intercept and block dangerous shell patterns
Comprehensive audit logging for tracking and reviewing all security-related execution events
Granular filesystem permissions to prevent unauthorized access to sensitive system paths
0 GitHub stars
Multi-layer security including OS-level isolation and restricted network access

Use Cases

Preventing accidental system damage or data leakage during automated code execution
Securing autonomous AI agents performing file modifications or terminal commands
Enforcing project-specific security boundaries in collaborative or automated environments