Skip to content

feat(skills): add audit-sandbox-policy security review skill#49

Open
north-echo wants to merge 1 commit intoNVIDIA:mainfrom
north-echo:feat/audit-sandbox-policy-skill
Open

feat(skills): add audit-sandbox-policy security review skill#49
north-echo wants to merge 1 commit intoNVIDIA:mainfrom
north-echo:feat/audit-sandbox-policy-skill

Conversation

@north-echo
Copy link

@north-echo north-echo commented Mar 20, 2026

Summary

  • New agent skill that reviews sandbox policy.yaml files for common security misconfigurations
  • Checks for missing binaries restrictions, overly broad egress, credential exposure, filesystem gaps, and more
  • Based on real findings from NemoClaw #272, #118, and OpenShell policy documentation
  • Placed in sandboxes/base/skills/ so it's available to all sandbox environments

Checks performed

Severity Check
Critical Missing binaries restriction on network policies
Critical Overly broad egress (wildcard hosts, unrestricted ports)
Critical Credential exposure in policy YAML
Critical Sensitive directories writable
Warning POST-capable endpoints without binary binding
Warning Messaging services in base policy (should be opt-in)
Warning Missing TLS termination on port 443
Warning Broad binary paths on sensitive endpoints
Info Preset count / attack surface
Info Dynamic vs. static policy split

Test plan

  • Skill format matches existing conventions (SKILL.md with YAML frontmatter)
  • Directory placement follows sandboxes/base/skills/<name>/ structure
  • README with usage examples included per CONTRIBUTING.md
  • DCO sign-off included
  • Manual testing: ask an agent to audit a sandbox policy using this skill

Assisted by Claude Code

@north-echo
feat(skills): add audit-sandbox-policy security review skill
fdb66a7 
New skill that reviews sandbox policy YAML for common security
misconfigurations including missing binaries restrictions, overly
broad egress, credential exposure, and messaging services in
base policy.

Based on real findings from NemoClaw #272, #118, and OpenShell
policy documentation.

Signed-off-by: Christopher Lusk <122107484+north-echo@users.noreply.github.com>
Assisted-by: Claude (Anthropic)
@johntmyers
Copy link
Collaborator

johntmyers commented Mar 24, 2026

This seems very specific to NemoClaw. Instead of being part of the base image can this be injected into a running sandbox from NemoClaw itself?

@johntmyers johntmyers self-assigned this Mar 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@johntmyers johntmyers

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@north-echo @johntmyers