
plugin-sandbox-setup

npx machina-cli add skill a5c-ai/babysitter/plugin-sandbox-setup --openclaw
Files (1)
SKILL.md
916 B

Plugin Sandbox Setup

Configure plugin sandboxing for security.

Generated Patterns

import ivm from 'isolated-vm';

// Runs untrusted plugin code in its own V8 isolate: a 128 MB heap cap, a 5 s wall-clock limit,
// and only the explicitly passed context values visible inside.
export async function runInSandbox(code: string, context: Record<string, unknown>) {
  const isolate = new ivm.Isolate({ memoryLimit: 128 }); // memoryLimit is in MB
  try {
    const vmContext = isolate.createContextSync();
    const jail = vmContext.global; // Reference to the sandbox's global object

    // Copy (never share) each whitelisted value into the sandbox; ExternalCopy rejects
    // functions and other non-transferable values, so no host capability leaks in.
    for (const [key, value] of Object.entries(context)) {
      jail.setSync(key, new ivm.ExternalCopy(value).copyInto());
    }

    const script = isolate.compileScriptSync(code);
    // `copy: true` hands the host a detached copy of non-primitive results instead of throwing
    const result = await script.run(vmContext, { timeout: 5000, copy: true });
    return result;
  } finally {
    // Release the isolate on every path, including a timeout or a throw from plugin code
    isolate.dispose();
  }
}

Target Processes

  • plugin-architecture-implementation
  • mcp-server-security-hardening

Source

git clone https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/specializations/cli-mcp-development/skills/plugin-sandbox-setup/SKILL.md

Overview

This skill configures a security sandbox for plugins using vm2 or isolated-vm. It enables running untrusted plugin code in a confined environment with memory and time limits to protect the host system.

How This Skill Works

The helper creates a fresh V8 Isolate with a 128 MB memoryLimit, creates a context inside it, and populates that context's global object by copying each whitelisted value in with ExternalCopy (values are copied, not shared, so the plugin never holds a reference into the host). The plugin code is then compiled and run inside the sandbox with a 5-second timeout; afterwards the isolate is disposed and the result is returned to the caller.

When to Use It

  • When you need to safely execute untrusted plugin code in a host system
  • When integrating third-party plugins into your plugin-architecture-implementation
  • When you want to enforce strict memory and time boundaries on plugin execution
  • When hardening MCP server security and plugin loading processes
  • When running user-provided scripts in a controlled sandbox during development

Quick Start

  1. Import the sandbox helper (as shown in the SKILL.md) and set up the environment
  2. Prepare your plugin code string and a restricted context object, then call runInSandbox(code, context)
  3. Handle the returned result and ensure proper disposal of the sandbox resources

Best Practices

  • Use a fixed memoryLimit (128 MB) and a short timeout (5000 ms) as shown in the sample
  • Whitelist and copy only required context into the sandbox using ExternalCopy
  • Dispose the isolate after each run to release resources promptly
  • Wrap execution in try-catch, dispose the isolate in a finally block so it is released even after a timeout or a throw, and handle sandbox errors gracefully
  • Choose between vm2 and isolated-vm based on environment needs and performance; note that vm2 is no longer maintained by its authors, so isolated-vm (as in the sample) is the safer default for untrusted code
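The following is an added example, not code from the skill's SKILL.md or the babysitter project. It shows the housekeeping that the "How This Skill Works" section and the best practices above call for around a single run: whitelist the context so only named, plain-data values are copied in; bound the run with the same 5 s timeout; classify a timeout, a bad context and a plugin-side throw separately; and release the sandbox in a finally block on every path. Assumption: Node's built-in node:vm stands in for isolated-vm here only so the file runs without the native module. node:vm is not a security boundary (Node's own documentation says so) and has no memory limit; for untrusted plugins keep ivm.Isolate as the page's sample does. The liveSandboxCount counter is a constructed stand-in for the isolate handle that isolate.dispose() would release, and the function and type names are this example's own.

```typescript
// Added example (not part of the skill's SKILL.md). ASSUMPTION: node:vm replaces isolated-vm
// purely so this runs offline; it is NOT a security boundary and enforces no memory limit.
import * as vm from 'node:vm';

export interface SandboxOutcome {
  ok: boolean;
  value?: unknown;                                       // present when ok
  reason?: 'timeout' | 'bad-context' | 'plugin-error';   // present when !ok
  message?: string;
}

/** Raised by whitelistContext() in the host realm, so `instanceof` works in the catch block. */
export class ContextError extends Error {}

/** True for JSON-style data, i.e. what ExternalCopy can transfer. Functions, class instances,
 *  Maps, symbols and the like are rejected so no host capability can ride into the sandbox. */
export function isPlainData(v: unknown): boolean {
  if (v === null || typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean') return true;
  if (typeof v !== 'object') return false;               // function, symbol, bigint, undefined
  if (Array.isArray(v)) return v.every(isPlainData);
  const proto = Object.getPrototypeOf(v);
  if (proto !== Object.prototype && proto !== null) return false;
  return Object.values(v as Record<string, unknown>).every(isPlainData);
}

/** Copy only the named keys, each detached from the host object graph. */
export function whitelistContext(
  allowed: readonly string[],
  context: Record<string, unknown>,
): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const key of allowed) {
    if (!Object.prototype.hasOwnProperty.call(context, key)) continue;
    const value = context[key];
    if (!isPlainData(value)) throw new ContextError(`context key "${key}" is not plain data`);
    out[key] = structuredClone(value);
  }
  return out;
}

let liveSandboxes = 0;
/** Constructed stand-in for held isolate handles; must be 0 after every run, success or not. */
export function liveSandboxCount(): number { return liveSandboxes; }

export function runPlugin(
  code: string,
  context: Record<string, unknown>,
  allowed: readonly string[],
  timeoutMs = 5000,                                      // same 5 s budget as the page's sample
): SandboxOutcome {
  liveSandboxes += 1;
  try {
    const sandbox = vm.createContext(whitelistContext(allowed, context));
    const raw = vm.runInContext(code, sandbox, { timeout: timeoutMs });
    // Like `copy: true` in isolated-vm: hand the host a detached copy of the result.
    // structuredClone throws on functions, so a plugin cannot return callables to the host.
    return { ok: true, value: structuredClone(raw) };
  } catch (err) {
    const e = err as { code?: unknown; message?: unknown } | null;
    const message = typeof e?.message === 'string' ? e.message : String(err);
    if (e?.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT') return { ok: false, reason: 'timeout', message };
    if (err instanceof ContextError) return { ok: false, reason: 'bad-context', message };
    return { ok: false, reason: 'plugin-error', message };  // thrown by the plugin itself
  } finally {
    // The isolated-vm counterpart is isolate.dispose(); putting it in `finally` is what
    // guarantees release after a timeout or a throw, not only on the happy path.
    liveSandboxes -= 1;
  }
}
```

A caller that only needs the happy path can treat `!outcome.ok` as one failure, but logging `reason` separately is worth keeping: a steady stream of `timeout` results from one plugin is a different operational signal than `plugin-error`, and `bad-context` points at a bug on the host side rather than in the plugin.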

Example Use Cases

  • A plugin loader in a CMS that runs user-installed plugins in isolation
  • A chat application that executes user-provided transformation scripts safely
  • A workflow automation system evaluating user-defined rules in a sandbox
  • A game server that loads mods within a restricted sandbox
  • An analytics pipeline applying user-defined data transforms without risking the host
