DiscordSign up
SKILLS.SH

sandbox-sdk

Secure, isolated code execution environments on Cloudflare Workers with multi-language support. Provides exec() for shell commands, runCode() for LLM-generated code with state persistence, and file operations (read, write, mkdir, list) Supports Python, JavaScript, and TypeScript with a base image including Python 3.11, Node.js 20, and common tools; extend via Dockerfile for additional dependencies Includes code interpreter contexts for data analysis workflows, port exposure for HTTP services, and lazy container startup with automatic sleep after 10 minutes of inactivity Requires Docker for local development, wrangler.jsonc configuration with Durable Objects bindings, and explicit Sandbox class re-export in Worker entry point

INSTALLATION
npx skills add https://github.com/cloudflare/skills --skill sandbox-sdk
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Cloudflare Sandbox SDK

Build secure, isolated code execution environments on Cloudflare Workers.

FIRST: Verify Installation

npm install @cloudflare/sandbox

docker info  # Must succeed - Docker required for local dev

Retrieval Sources

Your knowledge of the Sandbox SDK may be outdated. Prefer retrieval over pre-training for any Sandbox SDK task.

Resource

URL

Docs

https://developers.cloudflare.com/sandbox/

API Reference

https://developers.cloudflare.com/sandbox/api/

Examples

https://github.com/cloudflare/sandbox-sdk/tree/main/examples

Get Started

https://developers.cloudflare.com/sandbox/get-started/

When implementing features, fetch the relevant doc page or example first.

Required Configuration

wrangler.jsonc (exact - do not modify structure):

{

  "containers": [{

    "class_name": "Sandbox",

    "image": "./Dockerfile",

    "instance_type": "lite",

    "max_instances": 1

  }],

  "durable_objects": {

    "bindings": [{ "class_name": "Sandbox", "name": "Sandbox" }]

  },

  "migrations": [{ "new_sqlite_classes": ["Sandbox"], "tag": "v1" }]

}

Worker entry - must re-export Sandbox class:

import { getSandbox } from '@cloudflare/sandbox';

export { Sandbox } from '@cloudflare/sandbox';  // Required export

Quick Reference

Task

Method

Get sandbox

getSandbox(env.Sandbox, 'user-123')

Run command

await sandbox.exec('python script.py')

Run code (interpreter)

await sandbox.runCode(code, { language: 'python' })

Write file

await sandbox.writeFile('/workspace/app.py', content)

Read file

await sandbox.readFile('/workspace/app.py')

Create directory

await sandbox.mkdir('/workspace/src', { recursive: true })

List files

await sandbox.listFiles('/workspace')

Expose port

await sandbox.exposePort(8080)

Destroy

await sandbox.destroy()

Core Patterns

Execute Commands

const sandbox = getSandbox(env.Sandbox, 'user-123');

const result = await sandbox.exec('python --version');

// result: { stdout, stderr, exitCode, success }

Code Interpreter (Recommended for AI)

Use runCode() for executing LLM-generated code with rich outputs:

const ctx = await sandbox.createCodeContext({ language: 'python' });

await sandbox.runCode('import pandas as pd; data = [1,2,3]', { context: ctx });

const result = await sandbox.runCode('sum(data)', { context: ctx });

// result.results[0].text = "6"

Languages: python, javascript, typescript

State persists within context. Create explicit contexts for production.

File Operations

await sandbox.mkdir('/workspace/project', { recursive: true });

await sandbox.writeFile('/workspace/project/main.py', code);

const file = await sandbox.readFile('/workspace/project/main.py');

const files = await sandbox.listFiles('/workspace/project');

When to Use What

Need

Use

Why

Shell commands, scripts

exec()

Direct control, streaming

LLM-generated code

runCode()

Rich outputs, state persistence

Build/test pipelines

exec()

Exit codes, stderr capture

Data analysis

runCode()

Charts, tables, pandas

Extending the Dockerfile

Base image (docker.io/cloudflare/sandbox:0.7.0) includes Python 3.11, Node.js 20, and common tools.

Add dependencies by extending the Dockerfile:

FROM docker.io/cloudflare/sandbox:0.7.0

# Python packages

RUN pip install requests beautifulsoup4

# Node packages (global)

RUN npm install -g typescript

# System packages

RUN apt-get update && apt-get install -y ffmpeg && rm -rf /var/lib/apt/lists/*

EXPOSE 8080  # Required for local dev port exposure

Keep images lean - affects cold start time.

Preview URLs (Port Exposure)

Expose HTTP services running in sandboxes:

const { url } = await sandbox.exposePort(8080);

// Returns preview URL for the service

Production requirement: Preview URLs need a custom domain with wildcard DNS (*.yourdomain.com). The .workers.dev domain does not support preview URL subdomains.

See: https://developers.cloudflare.com/sandbox/guides/expose-services/

OpenAI Agents SDK Integration

The SDK provides helpers for OpenAI Agents at @cloudflare/sandbox/openai:

import { Shell, Editor } from '@cloudflare/sandbox/openai';

See examples/openai-agents for complete integration pattern.

Sandbox Lifecycle

  • getSandbox() returns immediately - container starts lazily on first operation
  • Containers sleep after 10 minutes of inactivity (configurable via sleepAfter)
  • Use destroy() to immediately free resources
  • Same sandboxId always returns same sandbox instance

Anti-Patterns

  • Don't use internal clients (CommandClient, FileClient) - use sandbox.* methods
  • Don't skip the Sandbox export - Worker won't deploy without export { Sandbox }
  • Don't hardcode sandbox IDs for multi-user - use user/session identifiers
  • Don't forget cleanup - call destroy() for temporary sandboxes

Detailed References

BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card