Provides sandbox tools for safely running code, scripts, and shell commands in an isolated K8E environment — never on the host. Use this skill for ANY code execution request. This means: running Python/bash/Node.js code, data analysis, CSV/Excel processing, file manipulation, package installation, or any terminal operation. CRITICAL: Always trigger this skill when the user wants something actually executed or run — not just written or explained. Trigger for English requests like "run this", "execute", "test it", "check if this works", "install X and use it". Trigger equally for Chinese requests: "帮我跑一下", "运行这个", "试试这个", "执行一下", "跑一下", "测试这段代码", "帮我分析这个CSV", "帮我跑这段代码", "跑一下看看", "帮我试试", "能不能跑", "看看输出", "帮我算一下", "帮我处理这个文件", "安装并使用". When a user pastes code and wants results, use this skill. When in doubt, use the sandbox — it's always safer than running on the host.
Always run code and shell commands in the sandbox, never directly on the host. Each session runs in a gVisor/Kata/Firecracker-isolated pod with kernel-level egress enforcement — mistakes can't damage the host, and network access is restricted to an explicit allowlist.
k8e sandbox-mcp supports two transports. The agent config is set automatically by k8e sandbox-install-skill.
| Mode | How to start | When to use |
|---|---|---|
| stdio (default) | k8e sandbox-mcp | kiro / claude desktop — agent manages the process |
| HTTP/SSE | k8e sandbox-mcp --http --http-addr :8811 | shared server, multiple agents, lowest latency |
One server process serves all agent connections — no per-request spawn, no initialize handshake per call.
GET /mcp → open SSE stream (long-lived, server → agent push)
POST /mcp → send JSON-RPC request, response in HTTP body + SSE push
header: Mcp-Session-Id: <token> ← ties POST to SSE stream
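A client-side sketch of the session lifecycle described on this page (the `event: session` first event, `: ping` keep-alive lines, and the `Mcp-Session-Id` header on POST), added here as an example and not taken from k8e's own code. The sample stream and token are constructed, and refusing to send the token over plain HTTP to a non-loopback host is an added policy that the page does not specify.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a GET /mcp stream; not captured from a real server.
SAMPLE_STREAM = (
    "event: session\n"
    "data: tok-constructed-123\n"
    "\n"
    ": ping\n"
    "\n"
    'data: {"jsonrpc":"2.0","id":1,"result":{}}\n'
    "\n"
)

def parse_sse(text):
    """Yield (event, data) pairs; lines starting with ':' are SSE comments."""
    event, data = "message", []
    for line in text.splitlines():
        if line == "":                      # blank line dispatches the event
            if data:
                yield event, "\n".join(data)
            event, data = "message", []
        elif line.startswith(":"):
            continue                        # keep-alive comment such as ": ping"
        else:
            field, _, value = line.partition(":")
            value = value[1:] if value.startswith(" ") else value
            if field == "event":
                event = value
            elif field == "data":
                data.append(value)

def session_token(text):
    """Return the token only if the first real event is the session event."""
    first = next(parse_sse(text), None)
    if first is None or first[0] != "session" or not first[1].strip():
        raise ValueError("stream did not start with a session event")
    return first[1].strip()

def build_post(url, token, method, params=None, req_id=1):
    """Build (headers, body) for POST /mcp; added policy: no plain HTTP off-host."""
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname not in ("127.0.0.1", "::1", "localhost"):
        raise ValueError("refusing to send session token over plain HTTP off-host")
    headers = {"Content-Type": "application/json", "Mcp-Session-Id": token}
    body = {"jsonrpc": "2.0", "id": req_id, "method": method, "params": params or {}}
    return headers, json.dumps(body)
```
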
Start the server:
k8e sandbox-mcp --http --http-addr :8811
Agent config (manual):
{
  "mcpServers": {
    "k8e-sandbox": { "url": "http://127.0.0.1:8811/mcp" }
  }
}
Auto-install with SSE:
K8E_SANDBOX_MCP_ADDR=:8811 k8e sandbox-install-skill all
# writes "url" instead of "command" into agent configs
SSE session lifecycle:
- GET /mcp → receives event: session\ndata: <token> as first event
- POST /mcp with Mcp-Session-Id: <token> header
- : ping every 15s to keep the connection alive

| Situation | Tool |
|---|---|
| Default: run any code or command | sandbox_run |
| Install Python packages | sandbox_pip_install |
| Run command in an existing session | sandbox_exec |
| Run command with streaming output | sandbox_exec_stream |
| Write a file to workspace | sandbox_write_file |
| Read a file from workspace | sandbox_read_file |
| List recently changed files | sandbox_list_files |
| Check sandbox availability | sandbox_status |
| Parallel independent subtasks | sandbox_run_subagent |
| Custom runtime or egress allowlist | sandbox_create_session |
| Explicitly clean up a session | sandbox_destroy_session |
| Before irreversible actions | sandbox_confirm_action |
sandbox_run is the default entry point — it handles session creation and reuse automatically: