Docker Sandbox Lucas

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is a coherent Docker sandbox instruction guide, but users should notice that it can run arbitrary sandbox commands, mount workspace files, contact agent providers, and keep sandbox state.

This appears to be a benign instruction-only Docker sandbox skill. Before installing or using it, make sure Docker Desktop sandbox support is available, run untrusted work in disposable sandboxes, avoid mounting sensitive workspaces unless needed, configure network deny/allow rules, and clean up detached processes or saved sandbox templates when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Commands run in the sandbox can change the sandbox environment and may affect any mounted workspace files.

Why it was flagged

The skill teaches the agent/user how to execute arbitrary commands inside a Docker sandbox. This is central to the stated sandbox purpose, but it is still a broad execution capability.

Skill content

docker sandbox exec [options] <sandbox> <command> [args...]

Recommendation

Use disposable sandboxes for untrusted code and review commands before running them, especially package installs, shell commands, or destructive operations.

What this means

A destructive command may not escape the sandbox, but it can still damage or modify the mounted project directory.

Why it was flagged

The skill promotes destructive testing while also disclosing that the current directory is mounted into the sandbox, so mistakes can still affect files in the mounted project workspace.

Skill content

Testing destructive operations without risking the host ... The current directory mounted via virtiofs

Recommendation

Use a copy, backup, or throwaway workspace when testing destructive operations, and remove/reset sandboxes after use.

What this means

Project files or prompts may be exposed to the selected agent/provider if the agent is given access to them.

Why it was flagged

The skill is designed to run third-party agents in the sandbox. That is expected, but mounted workspace content and prompts may be processed by those agents depending on how they are invoked.

Skill content

Supports Claude, Codex, Copilot, Gemini, and Kiro agents with network proxy controls.

Recommendation

Use the network proxy allowlist/deny policy and avoid mounting or prompting with sensitive files unless the selected provider is trusted for that data.

What this means

Detached processes or saved sandbox state may continue or be reused longer than intended.

Why it was flagged

The command reference includes detached/background execution and saving sandbox state as a reusable template. These persistence features are disclosed and fit the sandbox management purpose.

Skill content

-d                  # Detach (background)
...
docker sandbox save <sandbox>

Recommendation

List, stop, remove, or reset sandboxes after experiments, and only save templates after verifying their contents.