一键导入
sandbox-security
Daytona sandbox security. Use for token handling, credential boundaries, and full paths in SSH.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Daytona sandbox security. Use for token handling, credential boundaries, and full paths in SSH.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | sandbox-security |
| description | Daytona sandbox security. Use for token handling, credential boundaries, and full paths in SSH. |
Keep local orchestration credentials separate from sandbox credentials:
| Context | Variables |
|---|---|
| Local orchestrator | DAYTONA_API_KEY, GH_TOKEN, ANTHROPIC_API_KEY |
| Sandbox forwarded | SANDBOX_GH_TOKEN, SANDBOX_ANTHROPIC_API_KEY |
Ralph-Town forwards sandbox-scoped variables under the names tools expect inside the sandbox:
SANDBOX_GH_TOKEN -> GH_TOKENSANDBOX_ANTHROPIC_API_KEY -> ANTHROPIC_API_KEYGITHUB_PAT is only a deprecated compatibility alias for
SANDBOX_GH_TOKEN.
SSH sessions can have a limited PATH. Use full paths when commands are not found:
| Tool | Path |
|---|---|
| git | /usr/bin/git |
| gh | /usr/bin/gh |
| pnpm | /usr/local/bin/pnpm |
| ls/cat/echo | /bin/ls, /bin/cat, /bin/echo |
Never embed tokens in URLs. They can leak to process lists, logs, and error output.
# BAD - token visible in ps, logs, error messages
/usr/bin/git clone https://$GH_TOKEN@github.com/owner/repo.git
# GOOD - prefer unauthenticated clone when possible
/usr/bin/git clone https://github.com/owner/repo.git
For private repos or push workflows, use a credential helper inside the sandbox:
/usr/bin/git config --global credential.helper store
/bin/printf 'https://oauth2:%s@github.com\n' "$GH_TOKEN" > ~/.git-credentials
/bin/chmod 600 ~/.git-credentials
Use when working with Daytona SDK - uploadFile(Buffer, path), pnpm setup, CodeLanguage options
Prepare reusable Daytona sandbox sessions for isolated evals, debugging, or manual command execution.
Manage Daytona sandboxes for isolated evals, smoke tests, and command execution.
Generate sandbox-scoped task prompts for any LLM or tool runner working inside Daytona sandboxes.
Troubleshoot Daytona sandbox runs, SSH access, snapshots, credentials, and command execution failures.
Use for reusable Daytona sandbox workflows, SSH access, git setup, and isolated command execution.