Project Templates | Source: Show HN

Show HN: SkillSandbox โ€“ Capability-based sandbox for AI agent skills (Rust)

By ClaytheMachine
February 16, 2026

Built this after finding a credential stealer on an AI skills marketplace. The malicious skill looked like a normal weather lookup but was exfiltrating ~/.ssh, AWS creds, and browser cookies. My agent ran it without hesitation.

SkillSandbox is the fix: skills declare permissions in YAML (network egress, filesystem paths, env vars), and the runtime enforces them via iptables default-deny, seccomp-bpf, and mount isolation. MCP server integration for Claude Code.

Also built a companion project, AgentTrace (https://github.com/theMachineClay/agenttrace), for the other failure mode: when an agent has the right permissions but does the wrong thing repeatedly. Session-aware policy engine with cumulative cost tracking, violation counting, and kill-switch.

Together: SkillSandbox constrains what agents can reach...
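As an added example, not SkillSandbox's own code or manifest schema, the Rust below shows the shape of the model the post describes: a skill declares its capabilities in a small YAML-like manifest, and a default-deny check rejects every access the manifest does not name, including a `..` traversal that tries to step out of the permitted directory. The manifest keys (`network_egress`, `filesystem_read`, `env`), the weather-skill manifest, the paths and hostnames are all constructed for illustration; the real project's format may differ.

```rust
// Added example (not SkillSandbox's code). Manifest keys, paths, hostnames and
// all function names are assumed for illustration.
use std::collections::BTreeSet;
use std::path::{Component, Path, PathBuf};

/// Everything a skill is allowed to reach. Anything not listed is denied.
#[derive(Debug, Default)]
pub struct SkillPolicy {
    pub net_egress: BTreeSet<String>, // hostnames, lower-cased, exact match
    pub fs_read: Vec<PathBuf>,        // normalized absolute path prefixes
    pub env: BTreeSet<String>,        // environment variable names
}

/// A single access the runtime is asked to authorize.
#[derive(Debug)]
pub enum Access<'a> {
    Connect(&'a str),
    ReadPath(&'a str),
    ReadEnv(&'a str),
}

/// Constructed manifest for the "weather lookup" skill from the post.
pub const WEATHER_MANIFEST: &str = "\
network_egress:
  - api.weather.example
filesystem_read:
  - /tmp/skill-cache
env:
  - HOME   # granting HOME does not grant the files under it
";

/// Parse the flat YAML subset used above: top-level `key:` lines, each followed
/// by `- item` lines. Unknown keys are an error, so a skill cannot smuggle in a
/// capability the runtime does not understand.
pub fn parse_manifest(text: &str) -> Result<SkillPolicy, String> {
    let mut policy = SkillPolicy::default();
    let mut section: Option<&str> = None;
    for (idx, raw) in text.lines().enumerate() {
        let lineno = idx + 1;
        let content = raw.split('#').next().unwrap_or("").trim(); // strip comments
        if content.is_empty() {
            continue;
        }
        if !raw.starts_with(' ') && content.ends_with(':') {
            let key = content.trim_end_matches(':');
            section = match key {
                "network_egress" | "filesystem_read" | "env" => Some(key),
                other => return Err(format!("line {}: unknown capability `{}`", lineno, other)),
            };
            continue;
        }
        let item = match content.strip_prefix("- ") {
            Some(item) => item.trim(),
            None => return Err(format!("line {}: expected `- item`", lineno)),
        };
        match section {
            Some("network_egress") => {
                policy.net_egress.insert(item.to_ascii_lowercase());
            }
            Some("filesystem_read") => {
                let p = normalize(item);
                if !p.is_absolute() {
                    return Err(format!("line {}: paths must be absolute", lineno));
                }
                policy.fs_read.push(p);
            }
            Some("env") => {
                policy.env.insert(item.to_string());
            }
            _ => return Err(format!("line {}: item outside any section", lineno)),
        }
    }
    Ok(policy)
}

/// Lexically collapse `.` and `..` so a request cannot step out of an allowed
/// prefix. Symlinks are not resolved here; that gap is what kernel-side mount
/// isolation (as in the post) closes.
pub fn normalize(path: &str) -> PathBuf {
    let mut out = PathBuf::new();
    for part in Path::new(path).components() {
        match part {
            Component::RootDir => out.push("/"),
            Component::CurDir | Component::Prefix(_) => {}
            Component::ParentDir => {
                out.pop(); // no-op at "/", so `..` cannot climb above root
            }
            Component::Normal(seg) => out.push(seg),
        }
    }
    out
}

/// Default deny: an access is allowed only if the manifest names it.
pub fn is_allowed(policy: &SkillPolicy, access: &Access) -> bool {
    match access {
        Access::Connect(host) => policy.net_egress.contains(host.to_ascii_lowercase().as_str()),
        Access::ReadPath(path) => {
            let p = normalize(path);
            // Path::starts_with is component-wise: "/tmp/skill-cache2" does not
            // match the prefix "/tmp/skill-cache" the way a string test would.
            p.is_absolute() && policy.fs_read.iter().any(|allowed| p.starts_with(allowed))
        }
        Access::ReadEnv(name) => policy.env.contains(*name),
    }
}

fn main() {
    let policy = parse_manifest(WEATHER_MANIFEST).expect("valid manifest");
    let requests = [
        Access::Connect("api.weather.example"),
        Access::Connect("exfil.example"),
        Access::ReadPath("/tmp/skill-cache/today.json"),
        Access::ReadPath("/home/agent/.ssh/id_ed25519"),
        Access::ReadPath("/tmp/skill-cache/../../home/agent/.aws/credentials"),
        Access::ReadEnv("HOME"),
        Access::ReadEnv("AWS_SECRET_ACCESS_KEY"),
    ];
    for r in &requests {
        let verdict = if is_allowed(&policy, r) { "ALLOW" } else { "DENY" };
        println!("{:<6} {:?}", verdict, r);
    }
}
```

This is only the policy layer. In the design the post describes, the decision is backed by iptables default-deny, seccomp-bpf and mount isolation in the kernel, which is what actually stops a skill that never consults the checker or follows a symlink out of the allowed tree; the lexical normalization above is a guard for the declaration, not a substitute for that enforcement.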

---

**[devsupporter commentary]**

์ด ๊ธฐ์‚ฌ๋Š” Show HN์—์„œ ์ œ๊ณตํ•˜๋Š” ์ตœ์‹  ๊ฐœ๋ฐœ ๋™ํ–ฅ์ž…๋‹ˆ๋‹ค. ๊ด€๋ จ ๋„๊ตฌ๋‚˜ ๊ธฐ์ˆ ์— ๋Œ€ํ•ด ๋” ์•Œ์•„๋ณด์‹œ๋ ค๋ฉด ์›๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ•˜์„ธ์š”.