Agent Skills
› NeverSight/learn-skills.dev
› security-sandbox
security-sandbox
GitHub为自主编码操作提供纵深防御安全,通过命令验证、白名单管理及执行钩子实现沙箱隔离。适用于验证Bash命令、配置安全策略及限制危险操作,确保Agent运行安全。
Trigger Scenarios
验证Bash命令安全性
配置工具访问白名单
实现预工具使用钩子
对自主Agent操作进行沙箱隔离
Install
npx skills add NeverSight/learn-skills.dev --skill security-sandbox -g -y
SKILL.md
Frontmatter
{
"name": "security-sandbox",
"layer": "foundation",
"version": "1.0.0",
"category": "autonomous-coding",
"description": "Secure command execution with allowlists and validation hooks. Use when validating bash commands, configuring security policies, implementing pre-tool-use hooks, or sandboxing autonomous agent operations."
}
Security Sandbox
Provides defense-in-depth security for autonomous coding operations through command validation, allowlists, and execution hooks.
Quick Start
Validate a Command
from scripts.command_validator import validate_command
result = validate_command("npm install express")
if result.allowed:
# Safe to execute
pass
else:
print(f"Blocked: {result.reason}")
Use Security Hook
from scripts.security_manager import create_bash_security_hook
hook = create_bash_security_hook()
# Hook returns decision for Claude SDK
decision = await hook({
"tool_input": {"command": "rm -rf /"}
})
# decision = {"decision": "block", "reason": "Command 'rm' requires approval"}
Configure Allowlist
from scripts.allowlist import Allowlist
allowlist = Allowlist()
allowlist.add("docker")
allowlist.add("kubectl")
allowlist.remove("rm") # Disallow rm
Security Model
┌─────────────────────────────────────────────────────────────┐
│ DEFENSE IN DEPTH │
├─────────────────────────────────────────────────────────────┤
│ │
│ LAYER 1: SANDBOX │
│ ├─ OS-level isolation │
│ ├─ Filesystem restrictions │
│ └─ Network limitations │
│ │
│ LAYER 2: PERMISSIONS │
│ ├─ Tool allowlist (Read, Write, Bash...) │
│ ├─ Path restrictions (./**) │
│ └─ Operation limits │
│ │
│ LAYER 3: COMMAND VALIDATION │
│ ├─ Command extraction & parsing │
│ ├─ Allowlist checking │
│ └─ Dangerous pattern detection │
│ │
│ LAYER 4: HOOKS │
│ ├─ PreToolUse validation │
│ ├─ Real-time blocking │
│ └─ Audit logging │
│ │
└─────────────────────────────────────────────────────────────┘
Default Allowlist
ALLOWED_COMMANDS = {
# File inspection
"ls", "cat", "head", "tail", "wc", "grep", "find",
# File operations
"cp", "mkdir", "chmod", "touch",
# Node.js
"npm", "node", "npx", "yarn", "pnpm",
# Python
"python", "python3", "pip", "pip3", "poetry",
# Version control
"git",
# Process management
"ps", "lsof", "sleep", "pkill", "kill",
# System info
"pwd", "whoami", "uname", "which", "env",
# Network (limited)
"curl", "wget",
}
Dangerous Patterns
These patterns are always blocked:
| Pattern | Risk | Example |
|---|---|---|
rm -rf / |
System destruction | Wipes filesystem |
> /dev/sda |
Disk corruption | Overwrites disk |
chmod 777 |
Security hole | World-writable |
curl | bash |
Code injection | Remote execution |
:(){ :|:& };: |
Fork bomb | DoS attack |
dd if=/dev/zero |
Disk fill | Resource exhaustion |
Hook Integration
# For Claude SDK integration
from scripts.security_manager import SecurityManager
manager = SecurityManager()
# Configure SDK with hooks
sdk_options = {
"hooks": {
"PreToolUse": [manager.pre_tool_hook]
}
}
Integration Points
- autonomous-session-manager: Provides security during sessions
- coding-agent: Uses hooks for safe command execution
- autonomous-loop: Ensures safety in continuous operation
References
references/ALLOWED-COMMANDS.md- Full allowlist documentationreferences/SECURITY-MODEL.md- Security architecturereferences/CUSTOM-RULES.md- Custom rule configuration
Scripts
scripts/security_manager.py- Core security managerscripts/command_validator.py- Command validationscripts/allowlist.py- Allowlist managementscripts/sandbox_config.py- Sandbox configuration
Version History
- e0220ca Current 2026-07-05 23:13


