Docker Sandbox Lucas
v20. Create and manage Docker sandboxed VM environments for safe agent execution. Use when running untrusted code, exploring packages, or isolating agent workloads. Supports Claude, Codex, Copilot, Gemini, and Kiro agents with network proxy controls.
Docker Sandbox
Run agents and commands in isolated VM environments using Docker Desktop's sandbox feature. Each sandbox gets its own lightweight VM with filesystem isolation, network proxy controls, and workspace mounting via virtiofs.
When to Use

- Exploring untrusted packages or skills before installing them system-wide
- Running arbitrary code from external sources safely
- Testing destructive operations without risking the host
- Isolating agent workloads that need network access controls
- Setting up reproducible environments for experiments

Requirements

Docker Desktop 4.49+ with the docker sandbox plugin. Verify with:

```shell
docker sandbox version
```

Quick Start

```shell
# Create a sandbox for the current project
docker sandbox create --name my-sandbox claude .
```

This creates a VM-isolated sandbox with:

- The current directory mounted via virtiofs
- Node.js, git, and standard dev tools pre-installed
- Network proxy with allowlist controls

Run commands inside the sandbox:

```shell
docker sandbox exec my-sandbox node --version
docker sandbox exec my-sandbox npm install -g some-package
docker sandbox exec -w /path/to/workspace my-sandbox bash -c "ls -la"
```
Run an agent directly:

```shell
# Create and run in one step
docker sandbox run claude . -- -p "What files are in this project?"

# Run with agent arguments after --
docker sandbox run my-sandbox -- -p "Analyze this codebase"
```
Commands Reference

Lifecycle

```shell
# Create a sandbox (agents: claude, codex, copilot, gemini, kiro, cagent)
docker sandbox create --name <name> <agent> [workspace]

# Run an agent in a sandbox (creates it if needed)
docker sandbox run <agent> [-- <agent-args>...]
docker sandbox run <name> [-- <agent-args>...]

# Execute a command
docker sandbox exec [options] <name> <command> [args...]
#   -e KEY=VAL   Set an environment variable
#   -w /path     Set the working directory
#   -d           Detach (run in the background)
#   -i           Interactive (keep stdin open)
#   -t           Allocate a pseudo-TTY

# Stop without removing
docker sandbox stop <name>

# Remove (destroys the VM)
docker sandbox rm <name>

# List all sandboxes
docker sandbox ls

# Reset all sandboxes
docker sandbox reset

# Save a snapshot as a reusable template
docker sandbox save <name>
```
Network Controls
The sandbox includes a network proxy for controlling outbound access.

```shell
# Allow specific domains
docker sandbox network proxy <name> --allow-host example.com
docker sandbox network proxy <name> --allow-host api.github.com

# Block specific domains
docker sandbox network proxy <name> --block-host malicious.com

# Block IP ranges
docker sandbox network proxy <name> --block-cidr 10.0.0.0/8

# Bypass the proxy for specific hosts (direct connection)
docker sandbox network proxy <name> --bypass-host localhost

# Set the default policy (allow or deny everything by default)
docker sandbox network proxy <name> --policy deny    # Block everything, then allowlist
docker sandbox network proxy <name> --policy allow   # Allow everything, then blocklist

# View network activity
docker sandbox network logs <name>
```
Custom Templates

```shell
# Use a custom container image as the base
docker sandbox create --template my-custom-image:latest claude .

# Save the current sandbox state as a template for reuse
docker sandbox save my-sandbox
```
Workspace Mounting
The workspace path on the host is mounted into the sandbox via virtiofs. The mount path inside the sandbox preserves the host path structure:

| Host OS | Host Path | Sandbox Path |
|---|---|---|
| Windows | H:\Projects\my-app | /h/Projects/my-app |
| macOS | /Users/me/projects/my-app | /Users/me/projects/my-app |
| Linux | /home/me/projects/my-app | /home/me/projects/my-app |

The agent's home directory is /home/agent/ with a symlinked workspace/ directory.
Environment Inside the Sandbox
Each sandbox VM includes:

- Node.js (v20.x LTS)
- Git (latest)
- Python (system)
- curl, wget, standard Linux utilities
- npm (global install directory at /usr/local/share/npm-global/)
- Docker socket (at /run/docker.sock; Docker-in-Docker capable)

Proxy Configuration (set automatically)

```shell
HTTP_PROXY=http://host.docker.internal:3128
HTTPS_PROXY=http://host.docker.internal:3128
NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/proxy-ca.crt
SSL_CERT_FILE=/usr/local/share/ca-certificates/proxy-ca.crt
```

Important: Node.js fetch (undici) does NOT respect the HTTP_PROXY environment variables by default. For npm packages that use fetch, create a require hook:

```javascript
// /tmp/proxy-fix.js
// Route every globalThis.fetch call through the sandbox proxy so that the
// proxy's allow/block rules also cover undici-based HTTP clients.
const proxy = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
if (proxy) {
  const { ProxyAgent } = require('undici');
  const agent = new ProxyAgent(proxy);
  const origFetch = globalThis.fetch;
  globalThis.fetch = function (url, opts = {}) {
    return origFetch(url, { ...opts, dispatcher: agent });
  };
}
```

Run with: node -r /tmp/proxy-fix.js your-script.js

Note that this hook only affects code that calls globalThis.fetch; it is a compatibility fix for packages that would otherwise skip the proxy, not the place where the network policy is enforced.
Patterns

Safe Package Exploration

```shell
# Create an isolated sandbox
docker sandbox create --name pkg-test claude .

# Restrict network to only the npm registry
docker sandbox network proxy pkg-test --policy deny
docker sandbox network proxy pkg-test
```
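The safe-package-exploration pattern above as a reusable shell helper. This is an added example, not code from this page or from the Docker sandbox project; it assumes the `docker sandbox network proxy <name> --policy deny` / `--allow-host` and `docker sandbox network logs <name>` forms documented here, plus npm's `--ignore-scripts` flag, and `DOCKER` can be set to `echo` to dry-run the commands without Docker Desktop.

```shell
#!/bin/sh
# Added example, not part of the Docker sandbox project: apply the
# deny-by-default allowlist pattern to a sandbox, then run an untrusted
# package install inside it and pull the proxy log for review.
# Assumes the CLI forms documented on this page. DOCKER may be overridden
# (e.g. DOCKER=echo) to dry-run the commands without Docker Desktop.
DOCKER="${DOCKER:-docker}"

# sandbox_lockdown NAME HOST... : block all egress, then allow only HOST...
sandbox_lockdown() {
  [ $# -ge 2 ] || { echo "usage: sandbox_lockdown NAME HOST..." >&2; return 2; }
  name="$1"; shift
  # Validate every host before touching the sandbox: a stray shell
  # metacharacter here would otherwise end up in a proxy rule.
  for host in "$@"; do
    case "$host" in
      ""|*[!A-Za-z0-9.-]*) echo "invalid host: '$host'" >&2; return 2 ;;
    esac
  done
  $DOCKER sandbox network proxy "$name" --policy deny || return 1
  for host in "$@"; do
    $DOCKER sandbox network proxy "$name" --allow-host "$host" || return 1
  done
}

# sandbox_explore NAME PKG : install PKG with lifecycle scripts disabled
# (npm --ignore-scripts), then print what the sandbox tried to reach.
sandbox_explore() {
  [ $# -eq 2 ] || { echo "usage: sandbox_explore NAME PKG" >&2; return 2; }
  $DOCKER sandbox exec "$1" npm install --ignore-scripts "$2" || return 1
  $DOCKER sandbox network logs "$1"
}

# Typical use: lock the sandbox to the npm registry, then inspect a package.
# sandbox_lockdown pkg-test registry.npmjs.org
# sandbox_explore pkg-test some-package
```

Review the printed network log before deciding whether the package is safe to install outside the sandbox.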