Sandboxed Sh

v1.0.0 · Security · stable

Safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks.

Tags: ai-agents, autonomous-agents, claude, claude-code, coding-assistant

Stars: 432 · Downloads: 0 · Weekly: 0 · Rating: 0/5

What is Sandboxed Sh?

Sandboxed Sh (sandboxed.sh) is listed on MCPgee as a Model Context Protocol (MCP) server, the standard interface through which AI assistants such as Claude, Cursor, and VS Code call external tools. The project describes itself as a safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Isolated sandboxes for autonomous on-chain AI agents
  • Library skills
  • Encrypted secrets
  • OKX read-only security checks

Use Cases

Isolated sandbox execution
Encrypted secret management
Safe on-chain AI operations
Maintainer: Th0rgal
License: MIT
Language: Rust
Version: v1.0.0
Updated: May 22, 2026
Status: healthy
Maintenance: active

Works with

Claude · OpenAI · Windows · macOS · Linux

Installation

Manual Installation

npx sandboxed-sh

This is the directory's generic client-side invocation. The self-hosted platform itself (Docker Compose, systemd-nspawn workspaces, Mission Control) is deployed as described in the setup guide further down this page.

Configuration

Config file: claude_desktop_config.json

Performance

Response Metrics

Response time: < 200ms
Throughput: Medium

Resource Usage

Memory usage: Low
CPU usage: Low

How to Set Up and Use Sandboxed Sh

Sandboxed.sh is a self-hosted platform that provides isolated, containerised Linux workspaces (using systemd-nspawn) for running autonomous AI coding agents such as Claude Code, OpenCode, Codex, Gemini, and Grok. Each workspace is sandboxed with encrypted secrets, a git-backed Library of reusable skills and MCP configurations, and a Mission Control dashboard for starting, stopping, and monitoring agents remotely. On-chain AI operators and security-conscious developers use it to let agents write and test code, launch desktop applications via X11, and open pull requests — all without granting agents direct access to the host system.

Prerequisites

  • Docker and Docker Compose installed (recommended installation method)
  • Ubuntu 24.04 LTS for bare-metal installation
  • Git for Library management
  • API keys for the AI providers you want to use (e.g., ANTHROPIC_API_KEY for Claude Code)
  • A modern web browser to access the Mission Control dashboard at http://localhost:3000
Step 1: Clone the repository

Clone the sandboxed.sh repository to the machine that will host the agent platform.

git clone https://github.com/Th0rgal/sandboxed.sh.git
cd sandboxed.sh
Step 2: Configure environment variables

Copy the example environment file and edit it with your AI provider API keys, backend connection settings, and Library repository URL.

cp .env.example .env
# Edit .env with your API keys and settings
Step 3: Enable privileged container mode (recommended)

For full workspace isolation using systemd-nspawn, uncomment the 'privileged: true' line in docker-compose.yml; without it the container cannot create the nested Linux environments that workspaces run in. Be clear about what this trades away: a privileged Docker container runs with every Linux capability, with access to host devices, and without Docker's default seccomp and AppArmor profiles, so it is roughly equivalent to root on the host. The boundary between agents and the host is then provided by the systemd-nspawn workspaces inside the container, not by Docker. Run the platform on a dedicated host or VM rather than on a shared machine.

# In docker-compose.yml, uncomment:
# privileged: true
Step 4: Start the platform with Docker Compose

Start all services in detached mode. The Mission Control dashboard will be available at http://localhost:3000.

docker compose up -d
Step 5: Access Mission Control and create a workspace

Open http://localhost:3000 in your browser. Create a new isolated workspace, select an AI agent (e.g., Claude Code), and configure which skills and MCPs to load from the Library.

Step 6: Launch an agent on a task

Point an agent at a GitHub issue URL or paste a task description. The agent will run inside its isolated container, write code, run tests, and optionally open a pull request when done.
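The steps above and the troubleshooting entries further down depend on three things that are easy to get wrong: the API key in .env being real rather than the placeholder from .env.example, .env not being readable by other users on the host (it holds provider credentials), and the privileged: true line actually being uncommented. The following pre-flight script is an added example, not part of the sandboxed.sh project; it assumes the file names from the steps (.env, docker-compose.yml) and the ANTHROPIC_API_KEY variable named in the prerequisites, and the placeholder patterns it rejects are a heuristic of its own.

```shell
#!/bin/sh
# Pre-flight check for a sandboxed.sh Docker Compose checkout (added example,
# not project code). File names and the ANTHROPIC_API_KEY variable are taken
# from the setup guide; the placeholder patterns are a heuristic assumption.

# Succeed when KEY=value in FILE is set to a non-empty, non-placeholder value.
env_has_key() {
    file=$1
    key=$2
    val=$(grep -E "^${key}=" "$file" 2>/dev/null | head -n 1 | cut -d= -f2-)
    case "$val" in
        ""|*your*|*changeme*|*xxx*) return 1 ;;
    esac
    return 0
}

# Succeed when docker-compose.yml has an active (not commented out) privileged: true.
compose_privileged() {
    grep -Eq '^[[:space:]]*privileged:[[:space:]]*true' "$1" 2>/dev/null
}

# Succeed when the file is readable by its owner only (mode 600, 400 or 700).
# GNU stat first, BSD/macOS stat as fallback; a missing file counts as exposed.
env_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null || echo 777)
    case "$mode" in
        [0-7]00) return 0 ;;
    esac
    return 1
}

# Run all checks against a checkout directory; return 0 only if it is ready.
preflight_check() {
    dir=$1
    status=0
    if ! env_has_key "$dir/.env" ANTHROPIC_API_KEY; then
        echo "FAIL: ANTHROPIC_API_KEY missing or still a placeholder in $dir/.env"
        status=1
    fi
    if ! env_is_private "$dir/.env"; then
        echo "FAIL: $dir/.env is readable by other users; run chmod 600 $dir/.env"
        status=1
    fi
    if compose_privileged "$dir/docker-compose.yml"; then
        echo "WARN: privileged: true is active; Docker no longer isolates this container from the host, systemd-nspawn does"
    else
        echo "INFO: privileged: true is commented out; systemd-nspawn workspaces will not start"
    fi
    return "$status"
}

# Stand-alone use (hypothetical file name): sh preflight.sh /path/to/sandboxed.sh
if [ "$#" -gt 0 ]; then
    preflight_check "$1"
fi
```

Run it from the host before step 4; a non-zero exit means the checkout is not ready, and the WARN line is deliberate so that the privileged-mode trade-off is visible every time the platform is brought up.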

Sandboxed Sh Examples

Client configuration

MCP client configuration as given by the directory for connecting an external client to sandboxed.sh; it launches the server through npx. If you are connecting to a self-hosted instance instead, point the client at your deployed endpoint.

{
  "mcpServers": {
    "sandboxed-sh": {
      "command": "npx",
      "args": ["sandboxed-sh"]
    }
  }
}

Prompts to try

Example tasks to assign to agents running inside sandboxed.sh workspaces.

- "Point an agent at GitHub issue #42 — let it write code, run the tests, and open a PR when they pass."
- "Give the agent SSH access to my home GPU server via VPN, read the fine-tuning docs, and start a training run."
- "Run the full test suite in an isolated container and report any failures without touching the host filesystem."
- "Review the OKX wallet read-only security checks and summarise any risks."

Troubleshooting Sandboxed Sh

Containers fail to start or workspace isolation is broken

Ensure 'privileged: true' is uncommented in docker-compose.yml. Without this, systemd-nspawn cannot create nested containers. Also verify Docker is running as root or has the necessary capabilities.

AI agent API calls fail inside the workspace

Check that the .env file contains valid API keys for the provider (e.g., ANTHROPIC_API_KEY). The keys are injected into the container environment when the container is created, so after editing .env recreate it with 'docker compose up -d'; 'docker compose restart' alone reuses the container's old environment and will not pick up the change.

Desktop automation (X11) does not work

Sandboxed.sh uses Xvfb for virtual display inside containers. Confirm the container has the correct X11 libraries installed and that the Xvfb service started successfully by checking container logs ('docker compose logs').

Frequently Asked Questions about Sandboxed Sh

What is Sandboxed Sh?

Sandboxed Sh is listed as a Model Context Protocol (MCP) server and describes itself as a safe runtime for autonomous on-chain AI agents: isolated sandboxes, Library skills, encrypted secrets, and OKX read-only security checks. MCP connects AI assistants to external tools and data sources through a standardized interface.

How do I install Sandboxed Sh?

Follow the installation instructions on the Sandboxed Sh GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Sandboxed Sh?

Sandboxed Sh works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Sandboxed Sh free to use?

Yes, Sandboxed Sh is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Sandboxed Sh Alternatives — Similar Security Servers

Looking for alternatives to Sandboxed Sh? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor (13.6k stars)

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP (9.0k stars)

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI (8.9k stars)

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP (8.7k stars)

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills (6.6k stars)

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker (5.1k stars)

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{
  "mcpServers": {
    "sandboxed-sh": {
      "command": "npx",
      "args": ["-y", "sandboxed-sh"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json
