Sandboxed Sh
Safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks.
What is Sandboxed Sh?
Sandboxed Sh is a Model Context Protocol (MCP) server that gives AI assistants such as Claude, Cursor, and VS Code a safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks.
Installation
Manual Installation
npx sandboxed-sh
How to Set Up and Use Sandboxed Sh
Sandboxed.sh is a self-hosted platform that provides isolated, containerised Linux workspaces (using systemd-nspawn) for running autonomous AI coding agents such as Claude Code, OpenCode, Codex, Gemini, and Grok. Each workspace is sandboxed with encrypted secrets, a git-backed Library of reusable skills and MCP configurations, and a Mission Control dashboard for starting, stopping, and monitoring agents remotely. On-chain AI operators and security-conscious developers use it to let agents write and test code, launch desktop applications via X11, and open pull requests — all without granting agents direct access to the host system.
Prerequisites
- Docker and Docker Compose installed (recommended installation method)
- Ubuntu 24.04 LTS for bare-metal installation
- Git for Library management
- API keys for the AI providers you want to use (e.g., ANTHROPIC_API_KEY for Claude Code)
- A modern web browser to access the Mission Control dashboard at http://localhost:3000
Clone the repository
Clone the sandboxed.sh repository to the machine that will host the agent platform.
git clone https://github.com/Th0rgal/sandboxed.sh.git
cd sandboxed.sh
Configure environment variables
Copy the example environment file and edit it with your AI provider API keys, backend connection settings, and Library repository URL.
cp .env.example .env
# Edit .env with your API keys and settings
Enable privileged container mode (recommended)
For full workspace isolation using systemd-nspawn, uncomment the 'privileged: true' line in docker-compose.yml. This allows containers to create isolated Linux environments.
# In docker-compose.yml, uncomment:
# privileged: true
Start the platform with Docker Compose
Start all services in detached mode. The Mission Control dashboard will be available at http://localhost:3000.
docker compose up -d
Access Mission Control and create a workspace
Open http://localhost:3000 in your browser. Create a new isolated workspace, select an AI agent (e.g., Claude Code), and configure which skills and MCPs to load from the Library.
Launch an agent on a task
Point an agent at a GitHub issue URL or paste a task description. The agent will run inside its isolated container, write code, run tests, and optionally open a pull request when done.
Sandboxed Sh Examples
Client configuration
MCP server config for connecting an external client to the sandboxed.sh MCP endpoint (adjust the URL to your deployed instance).
{
  "mcpServers": {
    "sandboxed-sh": {
      "command": "npx",
      "args": ["sandboxed-sh"]
    }
  }
}
Prompts to try
Example tasks to assign to agents running inside sandboxed.sh workspaces.
- "Point an agent at GitHub issue #42 — let it write code, run the tests, and open a PR when they pass."
- "Give the agent SSH access to my home GPU server via VPN, read the fine-tuning docs, and start a training run."
- "Run the full test suite in an isolated container and report any failures without touching the host filesystem."
- "Review the OKX wallet read-only security checks and summarise any risks."
Troubleshooting Sandboxed Sh
Containers fail to start or workspace isolation is broken
Ensure 'privileged: true' is uncommented in docker-compose.yml. Without this, systemd-nspawn cannot create nested containers. Also verify Docker is running as root or has the necessary capabilities.
AI agent API calls fail inside the workspace
Check that the .env file contains valid API keys for the provider (e.g., ANTHROPIC_API_KEY). The keys are injected into the container environment at startup — restart the container after editing .env.
Desktop automation (X11) does not work
Sandboxed.sh uses Xvfb for virtual display inside containers. Confirm the container has the correct X11 libraries installed and that the Xvfb service started successfully by checking container logs ('docker compose logs').
Frequently Asked Questions about Sandboxed Sh
What is Sandboxed Sh?
Sandboxed Sh is a Model Context Protocol (MCP) server that provides a safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Sandboxed Sh?
Follow the installation instructions on the Sandboxed Sh GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Sandboxed Sh?
Sandboxed Sh works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Sandboxed Sh free to use?
Yes, Sandboxed Sh is open source and available under the MIT license. You can use it freely in both personal and commercial projects.