ReddRadar
Agent skill
sandbox-agent
Run agent CLIs (codex/copilot/opencode) inside a Podman container with full internet access but filesystem exposure limited to the repo root + explicit bind mounts.
Install this agent skill to your Project
npx add-skill https://github.com/santiago-afonso/sandbox-agent/tree/main/skills/sandbox-agent
SKILL.md
sandbox-agent
Use this when you want:
- Full egress/network for agent CLIs (web search, fetching, etc.)
- Tight filesystem boundaries via container bind mounts (repo root + explicit allowlist)
This repo contains a wrapper script intended to be installed as sandbox-agent.
Workflow
-
Build the image
From the repo root (this repository):
bash
podman build -t localhost/sandbox-agent:latest -f Containerfile .
2. **Install the wrapper**
```bash
install -m 0755 sandbox-agent ~/.local/bin/sandbox-agent
- (Optional) Configure extra mounts
Create ~/.config/sandbox-agent/config.sh:
CODEX_CONTAINER_SANDBOX_IMAGE="localhost/sandbox-agent:latest"
# Extra read-only mounts (mapped under /home/codex/... if under $HOME)
CODEX_CONTAINER_SANDBOX_RO_MOUNTS=(
"$HOME/.local/bin"
)
# Extra read-write mounts
CODEX_CONTAINER_SANDBOX_RW_MOUNTS=(
"$HOME/.cache/uv"
"$HOME/tmp"
)
-
Login once inside the container
bash
sandbox-agent --shell codex login
5. **Run the self-test (recommended)**
```bash
./selftest.sh
If this repo is vendored as a git submodule at ./sandbox-agent/ (for example in a dotfiles repo), either:
cd sandbox-agent && ./selftest.sh, or- run
./sandbox-agent/selftest.shfrom the parent repo root.
- Run an agent CLI
sandbox-agent codex exec "Summarize this repo"
Safety notes
- This wrapper runs with full networking. Anything mounted into the container can be exfiltrated.
- Keep mounts minimal; do not mount secrets, password stores, SSH keys, or large chunks of
$HOMEunless you intend to expose them.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
santiago-afonso/repo_clipboard
repo-clipboard
Snapshot the current directory into pseudo-XML for LLM context. Use when you need to share a repo (or a sub-tree) with Codex/LLMs, especially for code review/debugging, generating an agent-friendly “repo snapshot”, or piping context into tools like `llm` (see skill $llm-cli). Supports `.gitignore`-aware file discovery, common ignore patterns, extension filtering, regex include/exclude, optional file-list printing, line-range snippets, and writes `/tmp/repo_clipboard.{stdout,stderr}` for reuse.
santiago-afonso/codex-container-sandbox
codex-container-sandbox
Run Codex CLI inside a Podman container with full internet access but filesystem exposure limited to the repo root + explicit bind mounts; use when you want yolo/web-search without giving the agent access to your whole host filesystem.
mattpocock/skills
setup-pre-commit
Set up Husky pre-commit hooks with lint-staged (Prettier), type checking, and tests in the current repo. Use when user wants to add pre-commit hooks, set up Husky, configure lint-staged, or add commit-time formatting/typechecking/testing.
mattpocock/skills
obsidian-vault
Search, create, and manage notes in the Obsidian vault with wikilinks and index notes. Use when user wants to find, create, or organize notes in Obsidian.
mattpocock/skills
handoff
Compact the current conversation into a handoff document for another agent to pick up.
mattpocock/skills
scaffold-exercises
Create exercise directory structures with sections, problems, solutions, and explainers that pass linting. Use when user wants to scaffold exercises, create exercise stubs, or set up a new course section.
Didn't find tool you were looking for?