Claude Sandbox

D 52 completed
CLI tool
unknown / shell · tiny
19 Files
2,733 LOC
0 Frameworks
4 Languages

Pipeline State

completed
Run ID: #362874
Phase: done
Progress: 1%
Started
Finished
2026-04-13 01:31:02
LLM tokens: 0

Pipeline Metadata

Stage: Skipped
Decision: skip_scaffold_dup
Novelty: 29.37
Framework unique
Isolation
Last stage change: 2026-04-16 18:15:42
Deduplication group #47868
Member of a group with 1 similar repo(s); canonical #73051
Top concepts (2): Project Description, Library

AI Prompt

Create an OS-level sandbox environment for running Claude Code execution specifically on NixOS or Linux. The sandbox needs to provide robust security features like namespace isolation (PID, IPC, UTS, cgroup), read-only filesystem enforcement by default, and seccomp filtering to block dangerous syscalls. It should also handle credential protection by masking SSH keys and AWS/kube configs, and support mounting the user's project directory as the only writable area. I'd like to use NixOS modules for declarative system configuration and include options for defining tool profiles (minimal, default, full) and running built-in health checks.
shell nixos linux sandbox security containerization nix os-level system-tool
Generated by gemma4:latest

Catalog Information

An OS-level sandbox that isolates Claude Code execution on Linux/NixOS, protecting the host system and credentials.

Description

The tool creates a secure sandbox for running Claude Code, using bubblewrap to enforce namespace isolation, read‑only filesystem mounts, and seccomp filtering. It protects credentials by bind‑mounting OAuth tokens read‑only and masking SSH keys and cloud configuration files. The environment is sanitized, forwarding only explicitly configured variables, and supports multiple tool profiles for minimal, default, or full feature sets. Users can run arbitrary commands inside the sandbox, with options to block dangerous syscalls or command patterns. Built‑in health checks validate the sandbox configuration and security posture. The project is designed for developers who need a reliable, declarative way to run AI‑generated code safely.

Description (Arabic version)

The program creates a secure system-level container for running Claude Code, using bubblewrap to apply namespace isolation, mount the filesystem read-only, and filter syscalls via seccomp. It protects credentials by bind-mounting OAuth files read-only, and it locks away SSH keys and cloud service configuration. The environment is sanitized, passing through only the variables the user specifies, with support for multiple tool sets (minimal, default, full). The user can run commands inside the container, with the option to block dangerous syscalls or command patterns using templates. The program includes built-in health checks to verify the container's configuration and security posture. The project is aimed at AI developers who need a reliable, well-defined way to run generated code safely.

Novelty

7/10

Tags

sandboxing environment-isolation credential-protection seccomp-filtering command-filtering tool-profiles health-checks

Claude Models

claude-opus-4.6

Quality Score

D (52.5/100)
Structure: 40
Code Quality: 71
Documentation: 57
Testing: 0
Practices: 61
Security: 92
Dependencies: 60

Strengths

  • Good security practices: no major issues detected

Weaknesses

  • No LICENSE file: legal ambiguity for contributors
  • No tests found: high risk of regressions
  • No CI/CD configuration: manual testing and deployment
  • 2 'god files' with >500 LOC need decomposition

Recommendations

  • Add a test suite: start with critical path integration tests
  • Set up CI/CD (GitHub Actions recommended) to automate testing and deployment
  • Add a linter configuration to enforce code style consistency
  • Add a LICENSE file (MIT recommended for open source)

Security & Health

Tech Debt (D): 7.3h
OWASP (100%): A
Quality Gate: PASS
Risk (6): A
License: Unknown
Duplication: 2.9%

Languages

shell: 67.8%
python: 15.9%
markdown: 15.3%
json: 1.0%

Frameworks

None detected

Concepts (2)

| Category | Name | Description | Confidence |
|---|---|---|---|
| auto_description | Project Description | OS-level sandbox for Claude Code using bubblewrap on NixOS/Linux. | 80% |
| auto_category | Library | library | 70% |

Quality Timeline

1 quality score recorded.
