docker-sandbox
Facilitates isolated execution of AI agent tools within Docker sandboxes for secure and efficient code management.
Install this skill
or
56/100
Security score
The docker-sandbox skill was audited on Mar 7, 2026 and we found 8 security issues across 3 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 119
Direct command execution function call
SourceSKILL.md
| 119 | | Exec (warm sandbox) | ~90ms | |
medium line 78
Template literal with variable interpolation in command context
SourceSKILL.md
| 78 | ```bash |
medium line 22
Access to hidden dotfiles in home directory
SourceSKILL.md
| 22 | - `codex_auth_json` — contents of `~/.codex/auth.json` (ChatGPT Pro subscription) |
medium line 72
Access to hidden dotfiles in home directory
SourceSKILL.md
| 72 | The auth file at `~/.codex/auth.json` is **portable** (not host-tied). Store it: |
low line 74
Access to hidden dotfiles in home directory
SourceSKILL.md
| 74 | secrets add codex_auth_json --value "$(cat ~/.codex/auth.json)" |
low line 80
Access to hidden dotfiles in home directory
SourceSKILL.md
| 80 | docker sandbox exec my-sandbox bash -c "mkdir -p ~/.codex && cat > ~/.codex/auth.json << 'EOF' |
low line 229
Access to hidden dotfiles in home directory
SourceSKILL.md
| 229 | docker sandbox exec my-sandbox bash -c 'cat ~/.codex/auth.json | head -3' |
low line 14
External URL reference
SourceSKILL.md
| 14 | **ADR**: [ADR-0023](https://joelclaw.com/adrs/0023-docker-sandbox-for-agent-loops) |
Scanned on Mar 7, 2026
View Security DashboardInstall this skill with one command
/learn @joelhooks/docker-sandbox