Wasm Sandbox

The plugin appears to do what it claims (a capability-based WASM sandbox with a helper downloader); requirements and code are coherent, but be aware it can download arbitrary files into the workspace and run WASM — only install if you trust the runtime and the WASM sources you will execute.

This plugin is coherent with its stated purpose: it provides a sandbox runtime and a downloader to fetch WASM components. Before installing, consider: 1) Verify the provenance of @wasm-sandbox/runtime (npm package) and that you trust the package maintainer/version. 2) Only run WASM from sources you trust—untrusted WASM can try to exploit sandbox bugs. 3) Be cautious mapping host directories into the guest (avoid mapping home or system directories). 4) If you use agent-invocation, restrict or audit autonomous agent permissions so it cannot both download arbitrary WASM and execute it without human review. 5) If you need stronger assurance, review the @wasm-sandbox/runtime code and run the plugin in an isolated environment first.