Claude Skill

afshinm/zerobox

Zerobox is a Rust-based, lightweight cross-platform process sandbox that uses OpenAI Codex runtime to sandbox any command with file, network, and credential controls. Ideal for AI agents, CLI secur...

Overview

Stars666
Forks39
LanguageRust
Last pushed2026-05-17
Last synced2026-07-03
View on GitHub

Repository

Ownerafshinm
Repositoryzerobox
Full nameafshinm/zerobox
Repo ID1,184,465,882

Install this Skill

git clone https://github.com/afshinm/zerobox.git

Registry

Typemcp_server
Quality score80/100
Verificationreadme_parsed
Last verified2026-06-07
Platforms
MCPOpenClawCodex
Capabilities
videoterminalworkflowai-agentsclillmllm-sandboxmcpmcp-securityopenclaw
Detected files
README.mdexamplespackage.json
Config keys
OPENAI_API_KEYTOKENGITHUB_TOKENDATABASE_URLAWS_SECRET_ACCESS_KEYKEYSECRETAPI_KEYPACKAGE_JSON

Summary

Zerobox is a lightweight, cross-platform process sandbox built in Rust, leveraging OpenAI Codex's runtime to sandbox any command with granular file, network, and credential controls. It provides process isolation and security for AI agents, CLI tools, and LLM sandboxing scenarios.

Chinese description

轻量级跨平台进程沙盒,基于OpenAI Codex运行时构建。支持对任意命令进行文件、网络和凭据控制的沙盒化处理。

Key features

  • Lightweight cross-platform sandboxing for any command
  • Granular file, network, and credential access controls
  • Built on OpenAI Codex runtime for reliable isolation
  • Process isolation with security-tool-grade protection
  • CLI-first design with easy integration into workflows

Use cases

  • Sandboxing AI agent commands to prevent unintended system access
  • Running untrusted CLI tools with restricted file and network permissions
  • Isolating LLM-generated code execution in a secure environment
  • Enhancing MCP (Model Context Protocol) security for agent workflows
  • Testing and debugging scripts without risking host system integrity

README excerpt

<div align="center"> <h1>🫙 Zerobox</h1> <p><strong>Sandbox any command with file, network, and credential controls.</strong></p> <p> <a href="https://www.npmjs.com/package/zerobox" target="_blank"> <img src="https://img.shields.io/npm/v/zerobox?style=for-the-badge&labelColor=000000&label=npm" alt="Zerobox npm version" /> </a> <a href="https://pypi.org/project/zerobox/" target="_blank"> <img src="https://img.shields.io/pypi/v/zerobox?style=for-the-badge&labelColor=000000&label=PyPI" alt="Zerobox PyPI version" /> </a> <a href="https://crates.io/crates/zerobox" target="_blank"> <img src="https://img.shields.io/crates/v/zerobox?style=for-the-badge&labelColor=000000&label=crates.io" alt="Zerobox crates.io version" /> </a> <a href="https://github.com/afshinm/zerobox/blob/main/LICENSE" target="_blank"> <img src="https://img.shields.io/github/license/afshinm/zerobox?style=for-the-badge&labelColor=000000" alt="Zerobox license" /> </a> <a href="https://github.com/afshinm/zerobox/actions/workflows/ci.yml" target="_blank"> <img src="https://img.shields.io/github/actions/workflow/status/afshinm/zerobox/ci.yml?style=for-the-badge&labelColor=000000&label=CI" alt="Zerobox CI status" /> </a> </p> </div> Lightweight, cross-platform process sandboxing powered by [OpenAI Codex](https://github.com/openai/codex)'s sandbox runtime. - **Deny by default:** Writes, network, and environment variables are blocked unless you allow them - **Credential injection:** Pass API keys that the process never sees. Zerobox injects real values only for approved hosts - **File access control:** Allow or deny reads and writes to specific paths - **Network filtering:** Allow or deny outbound traffic by domain - **Clean environment:**

Topics

Explore more

Data from GitHub. Synced on 2026-07-03