| name | run-untrusted-code |
| description | Run AI-generated or untrusted code safely in a disposable cloud VM instead of on the host, then delete it. Full root Ubuntu with zero blast radius on the user's machine; per-second billing means a throwaway run costs cents. Use whenever you'd execute code you don't fully trust. |
Run untrusted code (Box)
Use this right before executing code you generated or fetched when running it locally would be risky: shell scripts, scraped snippets, dependency installs, anything with side effects. Pattern: create → run → delete, so nothing touches the host.
Why Box
- Isolation — a separate VM; the host filesystem and network are never exposed.
- Disposable & cheap —
box delete when done; per-second billing, a run costs cents.
- Real machine — generated code that needs
pip install, subprocesses, or Docker actually works.
Prefer another tool for: thousands of tiny <500 ms runs (E2B/Modal microVMs).
Prereqs
curl -fsSL https://box.ascii.dev/install | sh, then box login "$BOX_API_KEY" --json.
Recipe
box_id="$(box new --json | jq -r 'select(.event == "ready") | .id')"
trap 'box delete "$box_id" --json' EXIT
box ssh "$box_id" -- "mkdir -p /run && cat > /run/main.sh" < ./main.sh
box ssh "$box_id" -- "cd /run && timeout 120 bash main.sh"
Always wrap in timeout and delete in a trap/finally.
Limits
EU-only; disk-level snapshots; 100 active VMs soft cap.