Developer Tools●●Solid
Afterburner – Capability-Sandboxed JavaScript/TS Runtime in Rust
Wraps node, npm, and bun under sandbox without code changes, but Deno already does capability security.
Ship ItNiche Gem
vertexclique
6221h ago
Back to browse
GitHub Repository
Capability-based sandbox runtime for AI agent skills
3 starsRust
SkillSandbox – Capability-based sandbox for AI agent skills (Rust)
by ClaytheMachine·Feb 15, 2026·1 point·0 comments
AI Analysis
●●●BangerSolve My ProblemDark HorseWizardry
Seccomp+iptables+mount isolation blocks the ClawdHub credential stealer in practice.
Strengths
- •Threat model grounded in real incident (malicious weather skill harvesting AWS keys).
- •iptables default-deny + seccomp-bpf enforcement is OS-native, not easily bypassed.
- •Companion AgentTrace tool addresses second-order failure (right perms, wrong behavior).
Weaknesses
- •Rust/Linux stack limits adoption; no MCP server integration actually shown working.
- •Adoption depends on marketplace ecosystem standardizing YAML manifests — chicken-and-egg.
Category
Target Audience
AI agent framework developers, enterprise autonomous workflows, security-conscious teams running third-party skills.
Similar To
Landlock LSM · Firejail · SELinux contexts
Post Description
Built this after finding a credential stealer on an AI skills marketplace. The malicious skill looked like a normal weather lookup but was exfiltrating ~/.ssh, AWS creds, and browser cookies. My agent ran it without hesitation.
SkillSandbox is the fix: skills declare permissions in YAML (network egress, filesystem paths, env vars), the runtime enforces via iptables default-deny, seccomp-bpf, and mount isolation. MCP server integration for Claude Code.
Also built a companion project, AgentTrace (https://github.com/theMachineClay/agenttrace), for the other failure mode: when an agent has the right permissions but does the wrong thing repeatedly. Session-aware policy engine with cumulative cost tracking, violation counting, and kill-switch.
Together: SkillSandbox constrains what agents can reach. AgentTrace enforces what agents should do.
Happy to answer questions about the architecture or threat model.
Similar Projects
Security●●Solid
Agent Armor, a Rust runtime that enforces policies on AI agent actions
Eight-layer governance pipeline for agents when LangChain just executes blindly.
Big BrainShip It
edoardobambini-
422mo ago
Security●●Solid
Agent Armor, a Rust runtime for enforcing policies on AI agent actions
Zero-trust governance for AI agents before they execute shell, file, or database actions with full audit trails.
Bold BetShip It
edoardobambini-
751mo ago
AI/ML●●Solid
SpadeBox – Sandboxed tools and JavaScript runtime for AI agents
Cap-std sandboxing with no-bash design is a coherent security story for agents.
Big BrainShip It
charlycst
304d ago
Security●●●Banger
MVAR – Deterministic sink enforcement for AI agent
IFC + capabilities block prompt injection at execution sinks, not input filters—40yr research applied.
Big BrainWizardry
ShawnC21
113mo ago
Security●●●Banger
Capframe – capability tokens for AI agent tool calls
Macaroon-style tokens for AI agents solve the excessive agency problem better than prompt engineering.
Big BrainSolve My ProblemShip It
euan21
1226d ago