# codex-container-sandbox

Run Codex CLI inside a Podman container with full internet access but filesystem exposure limited to the repo root plus explicit bind mounts. Use it when you want yolo/web-search without giving the agent access to your whole host filesystem.

Install this agent skill into your project:

```bash
npx add-skill https://github.com/santiago-afonso/codex-container-sandbox/tree/main/skills/codex-container-sandbox
```
SKILL.md

# codex-container-sandbox

Use this when you want:

- Full egress/network for `codex` (web search, fetching, etc.)
- Tight filesystem boundaries via container bind mounts (repo root + explicit allowlist)
This repo contains a wrapper script intended to be installed as `codex-container-sandbox`.
## Workflow

1. Build the image

   From the repo root (this repository):

   ```bash
   podman build -t localhost/codex-container-sandbox:latest -f Containerfile .
   ```

2. Install the wrapper

   ```bash
   install -m 0755 codex-container-sandbox ~/.local/bin/codex-container-sandbox
   ```

3. (Optional) Configure extra mounts

   Create `~/.config/codex-container-sandbox/config.sh`:

   ```bash
   CODEX_CONTAINER_SANDBOX_IMAGE="localhost/codex-container-sandbox:latest"

   # Extra read-only mounts (mapped under /home/codex/... if under $HOME)
   CODEX_CONTAINER_SANDBOX_RO_MOUNTS=(
     "$HOME/.local/bin"
   )

   # Extra read-write mounts
   CODEX_CONTAINER_SANDBOX_RW_MOUNTS=(
     "$HOME/.cache/uv"
     "$HOME/tmp"
   )
   ```

4. Login once inside the container

   ```bash
   codex-container-sandbox --shell codex login
   ```

5. Run the self-test (recommended)

   ```bash
   ./selftest.sh
   ```

   If this repo is vendored as a git submodule at `./codex-container-sandbox/` (for example in a dotfiles repo), either:

   - `cd codex-container-sandbox && ./selftest.sh`, or
   - run `./codex-container-sandbox/selftest.sh` from the parent repo root.

6. Run Codex

   ```bash
   codex-container-sandbox exec "Summarize this repo"
   ```
## Safety notes

- This wrapper runs Codex in full-yolo mode (`--dangerously-bypass-approvals-and-sandbox`) with full networking. Anything mounted into the container can be read and exfiltrated by the agent, or by anything the agent fetches and runs, with no approval prompt in between.
- Keep mounts minimal; do not mount secrets, password stores, SSH keys, or large chunks of `$HOME` unless you intend to expose them. The repo root itself is exposed by design, so do not keep credentials checked into or untracked inside it either.
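As an added example (this is not the project's wrapper script, whose internals the page does not show), the following POSIX shell functions demonstrate the mount-allowlist model that the config step and the safety notes describe: host paths under `$HOME` are mapped to `/home/codex/...`, common credential directories are refused outright, and the resulting `podman run` line is assembled and printed rather than executed. The container home `/home/codex`, the `/workspace` mount point for the repo root, the `--userns=keep-id` flag and the denylist of sensitive paths are this example's assumptions, not facts about the project.

```shell
#!/usr/bin/env bash
# Added example, not the project's wrapper: turn a mount allowlist into
# `podman run -v` options the way a sandbox wrapper could.
# Assumptions: container user home is /home/codex; repo root is mounted
# read-write at /workspace; the denylist in is_sensitive is this example's choice.
set -eu

# Host path -> in-container path. Paths under $HOME land under /home/codex.
map_path() {
  host=$1
  case $host in
    "$HOME")   printf '/home/codex\n' ;;
    "$HOME"/*) printf '/home/codex/%s\n' "${host#"$HOME"/}" ;;
    *)         printf '%s\n' "$host" ;;
  esac
}

# Paths that nearly always hold secrets. A container with full egress and no
# approval prompts can exfiltrate anything it can read, so refuse these outright.
is_sensitive() {
  case $1 in
    "$HOME"|"$HOME"/.ssh|"$HOME"/.ssh/*|"$HOME"/.gnupg|"$HOME"/.gnupg/*|\
    "$HOME"/.aws|"$HOME"/.aws/*|"$HOME"/.password-store|"$HOME"/.password-store/*|\
    "$HOME"/.config/gh|"$HOME"/.config/gh/*|"$HOME"/.netrc) return 0 ;;
    *) return 1 ;;
  esac
}

# Print one "-v host:container:mode" option (mode is ro or rw), or fail if the
# path is a credential store.
mount_opt() {
  mode=$1 path=$2
  if is_sensitive "$path"; then
    printf 'refusing %s mount of %s: credential directory\n' "$mode" "$path" >&2
    return 1
  fi
  printf '%s %s:%s:%s\n' "-v" "$path" "$(map_path "$path")" "$mode"
}

# Assemble the full command line and print it (never executed here).
# Extra mounts are whitespace-separated lists, so paths with spaces are out of
# scope for this example. No --network flag is passed: podman's default gives the
# container full egress, which is the trade-off this sandbox makes on purpose.
# A single refused mount aborts the whole command rather than silently dropping it.
render_podman_cmd() {
  repo=$1 image=$2 ro_list=${3:-} rw_list=${4:-}
  cmd="podman run --rm -it --userns=keep-id -v $repo:/workspace:rw -w /workspace"
  for p in $ro_list; do opt=$(mount_opt ro "$p") || return 1; cmd="$cmd $opt"; done
  for p in $rw_list; do opt=$(mount_opt rw "$p") || return 1; cmd="$cmd $opt"; done
  printf '%s %s\n' "$cmd" "$image"
}

# Stand-alone demo: `sh thisfile.sh --demo` prints the command for the mounts
# shown in the config example above (dry run only).
if [ "${1:-}" = "--demo" ]; then
  render_podman_cmd "$PWD" localhost/codex-container-sandbox:latest \
    "$HOME/.local/bin" "$HOME/.cache/uv $HOME/tmp"
fi
```

The fail-closed behaviour in `render_podman_cmd` is the point worth copying: a wrapper that merely warns and continues when a sensitive path is listed still ends up mounting whatever else was on the line, and a user who glances past the warning has exposed their keys to an agent running with approvals bypassed.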