Skill Detail
Run coding agents in a locked-down local sandbox with repo-only filesystem access and controlled egress using agent-sandbox
Put Claude Code, Codex, Gemini, or other supported agent CLIs inside a persistent local sandbox instead of letting them operate directly on the host.
Security & Verification
Multi-Framework
Security Reviewed
163 GitHub stars
INSTALL WITH ANY AGENT
npx skills add agentskillexchange/skills --skill run-coding-agents-in-a-locked-down-local-sandbox-with-repo-only-filesystem-access-and-controlled-egress-using-agent-sandbox
Works best when you want a reusable capability, not another fragile one-off prompt.
At a glance
Tools required
Docker-compatible runtime, VM layer such as Colima, terminal or supported devcontainer IDE
Install & setup
Install the `agentbox` binary from the project releases, run `agentbox init` to generate the sandbox config, then enter the environment with `agentbox exec` or attach through the generated devcontainer setup.
Author
mattolson
Publisher
Individual
Last updated
Apr 16, 2026
Quick brief
Use agent-sandbox when you want local coding agents to keep their auth and state, but still confine them to a repository-scoped filesystem and a policy-controlled egress path. The workflow is concrete: initialize the sandbox, generate the compose and policy files, then enter the containerized agent environment through the CLI or devcontainer path. The scope boundary is tighter than a generic dev environment product because the point is specifically safe local agent execution with bounded filesystem and network policy.