// Use when a task requires shell-level work inside the sandbox, including environment setup, script writing, code execution, running programs, downloads, package installs, scanning, or browser/tool CLIs.
Use ProjectDiscovery httpx for authorized HTTP probing, live host validation, response triage, and lightweight web fingerprint collection.
Use observer_ward for authorized web application and service fingerprint identification against in-scope HTTP targets.
Reverse engineer binaries using Ghidra's headless analyzer. Decompile executables, extract functions, strings, symbols, and analyze call graphs without GUI.
Use agent-browser-cli to perceive and control the supervised Chromium browser inside the sandbox, interact with pages, capture screenshots/PDFs, inspect cookies/CDP/network/console state, and troubleshoot only when needed.
Use for authorized SQL injection testing with the sqlmap CLI, including detection, DBMS fingerprinting, request replay, and extraction checks against in-scope web targets.
Use for authorized host discovery, port scanning, service/version detection, NSE script checks, network inventory, and local network diagnostics with the nmap CLI.
| name | sandbox-shell |
| description | Use when a task requires shell-level work inside the sandbox, including environment setup, script writing, code execution, running programs, downloads, package installs, scanning, or browser/tool CLIs. |
Use sandbox command tools for authorized task work inside the selected sandbox container.
Command tools return compact JSON metadata; raw output is captured to output_file:
status, output_file, output_bytes, output_lines, optional exit_code, run_id, error.running, completed, failed, canceled.read_sandbox_command_output using output_file and start_line: 1, at most 200 lines per call. Do not use cat.Use execute_sync_command for short, local, bounded commands expected to finish within 30 seconds:
which, test, sed -n, head, tail, wc, bounded grepUse execute_async_command for anything slow, remote, stateful, or externally dependent:
Always pass timing arguments explicitly via timeout_seconds.
After execute_async_command, keep the returned run_id and output_file.
list_sandbox_async_jobs only for inspection or capacity checks.cancel_sandbox_async_job only when cancellation is requested or the job is no longer useful.sleep, shell wait loops, repeated status polling, or filler progress messages.At most 3 async commands may run for one agent instance.
status and output_lines > 0, read needed chunks with read_sandbox_command_output.start_line only when the next chunk is needed.output_file.uv for Python environments, package installs, and temporary tool execution.uv run, uvx, or uv pip inside a task-scoped virtual environment.pip install or assume pip3 is available in the sandbox.7z, unzippython3, uv, node, npm, nc, jq, rg, gitcurl, wget, dig, nslookup, whois, openssl, httpx, nmap, sqlmapobserver_wardjadx, apktool, analyzeHeadlessfile, binwalkagent-browser-cliCall custom skill scripts by absolute path:
/root/.agents/skills/ghidra/scripts/ghidra-analyze.shReport only meaningful results: changed files, commands run, relevant output, and failures that affect completion.