원클릭으로
sandbox-security
Daytona sandbox security. Use for token handling, credential boundaries, and full paths in SSH.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Daytona sandbox security. Use for token handling, credential boundaries, and full paths in SSH.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Use when working with Daytona SDK - uploadFile(Buffer, path), pnpm setup, CodeLanguage options
Prepare reusable Daytona sandbox sessions for isolated evals, debugging, or manual command execution.
Manage Daytona sandboxes for isolated evals, smoke tests, and command execution.
Generate sandbox-scoped task prompts for any LLM or tool runner working inside Daytona sandboxes.
Troubleshoot Daytona sandbox runs, SSH access, snapshots, credentials, and command execution failures.
Use for reusable Daytona sandbox workflows, SSH access, git setup, and isolated command execution.
| name | sandbox-security |
| description | Daytona sandbox security. Use for token handling, credential boundaries, and full paths in SSH. |
Keep local orchestration credentials separate from sandbox credentials:
| Context | Variables |
|---|---|
| Local orchestrator | DAYTONA_API_KEY, GH_TOKEN, ANTHROPIC_API_KEY |
| Sandbox forwarded | SANDBOX_GH_TOKEN, SANDBOX_ANTHROPIC_API_KEY |
Ralph-Town forwards sandbox-scoped variables under the names tools expect inside the sandbox:
SANDBOX_GH_TOKEN -> GH_TOKENSANDBOX_ANTHROPIC_API_KEY -> ANTHROPIC_API_KEYGITHUB_PAT is only a deprecated compatibility alias for
SANDBOX_GH_TOKEN.
SSH sessions can have a limited PATH. Use full paths when commands are not found:
| Tool | Path |
|---|---|
| git | /usr/bin/git |
| gh | /usr/bin/gh |
| pnpm | /usr/local/bin/pnpm |
| ls/cat/echo | /bin/ls, /bin/cat, /bin/echo |
Never embed tokens in URLs. They can leak to process lists, logs, and error output.
# BAD - token visible in ps, logs, error messages
/usr/bin/git clone https://$GH_TOKEN@github.com/owner/repo.git
# GOOD - prefer unauthenticated clone when possible
/usr/bin/git clone https://github.com/owner/repo.git
For private repos or push workflows, use a credential helper inside the sandbox:
/usr/bin/git config --global credential.helper store
/bin/printf 'https://oauth2:%s@github.com\n' "$GH_TOKEN" > ~/.git-credentials
/bin/chmod 600 ~/.git-credentials