Claude Code Sandboxing
Here I share the simplest example of a code-writing Anthropic Skill (Universal Agent) and two ways of creating a sandbox for it…
Some Background…
A sandbox in the context of AI Agents with code writing skills serves as a critical isolation layer.
It protects your system from potentially harmful or buggy code generated by the AI.
When an AI Agent writes code, there is always a risk that it contains errors, infinite loops, resource-intensive operations, or even security vulnerabilities, especially if the AI Agent is experimenting or learning from user feedback.
By running the agent within a sandboxed environment (a Docker container or a dedicated VM; a Python virtual environment isolates only dependencies, as discussed below), you create boundaries that limit what the generated code can access and modify.
This means if the AI writes code that attempts to delete files, consume excessive memory, or access sensitive system resources, the sandbox confines the damage to an isolated space that can be easily reset or discarded.
Advanced sandboxing can include:
restricted file system access,
network isolation,
CPU/memory limits, and
time constraints on code execution.
All of these parameters and more can be set when creating the container…
This protective layer allows you to safely experiment with AI-generated code without risking your development environment or production systems.
This is an essential practice for anyone deploying autonomous coding agents.
Virtual Environments vs Docker Containers
I did some research on the primary differences between using a VE or DC…
From a practical perspective, a VE is easy and quick to set up or run. DC is slightly more demanding, but…
It is said that Docker containers provide stronger isolation, better portability, and more consistent behaviour than Python virtual environments.
Supposedly this makes Docker the superior choice for production AI Agent deployments and security-sensitive workflows.
Virtual environments (venv or virtualenv) isolate Python packages and dependencies at the application level within the same operating system.
They prevent version conflicts between projects but share the host kernel, file system, and system-level libraries, so nothing stops code running inside a venv from reading or modifying anything the user account can. This leaves room for accidental interference or security leakage if malicious code runs.
Docker containers go further by encapsulating the entire runtime environment, including the OS user space, libraries, binaries, and network stack.
Docker is therefore the better fit for deeper process isolation and reproducible builds across different machines, together with the ability to enforce strict resource limits and security policies.
While virtual environments remain lightweight and fast for local development, Docker excels in scenarios requiring sandboxing for running untrusted AI-generated code, CI/CD pipelines, or deployment to diverse infrastructure.
In short, use virtual environments for quick, local experimentation; switch to Docker when isolation, consistency, and production readiness become non-negotiable.
Virtual Environment Setup on macOS…
Create a directory to work in…
mkdir ai-sandbox-agent
Go into the directory…
cd ai-sandbox-agent
Create a virtual environment…
python3 -m venv sandbox_env
Activate the virtual environment…
source sandbox_env/bin/activate
Run these installs…
pip install anthropic
&…
pip install python-dotenv ipython
Save your Anthropic API key as an environment variable in a .env file…
echo "ANTHROPIC_API_KEY=your_api_key_here" > .env
Create and name the empty Python file…
touch code_agent.py
Open it…
vim code_agent.py
Paste this Python code:
import os
from anthropic import Anthropic
from dotenv import load_dotenv

# Load environment variables from the .env file created above
load_dotenv()

# Initialize the client with the key from the environment
client = Anthropic(api_key=os.getenv("ANTHROPIC_API_KEY"))


def run_code_agent(task):
    """
    Run an AI agent with code writing capabilities
    """
    system_prompt = """You are an expert code writing assistant.
When asked to write code:
- Provide clean, well-commented code
- Explain what the code does
- Include error handling where appropriate
- Suggest how to run/test the code
"""
    message = client.messages.create(
        model="claude-sonnet-4-5-20250929",
        max_tokens=4000,
        system=system_prompt,
        messages=[
            {"role": "user", "content": task}
        ]
    )
    # The first content block of the reply holds the generated text
    return message.content[0].text


# Interactive mode
if __name__ == "__main__":
    print("AI Code Agent initialized!")
    print("Type 'exit' to quit\n")
    while True:
        task = input("What would you like me to code? > ")
        if task.lower() in ['exit', 'quit']:
            print("Goodbye!")
            break
        print("\n" + "=" * 60)
        response = run_code_agent(task)
        print(response)
        print("=" * 60 + "\n")
You can run the coding agent with this command from the command line:
python code_agent.py
And then enter your request when prompted:
What would you like me to code? > Build a simple Flask API with two endpoints
Docker Setup
Install the Docker Python SDK (Docker Desktop or Docker Engine itself must already be installed and running on the machine; pip only installs the client library)…
pip install docker
Create the Dockerfile…
cat > Dockerfile << 'EOF'
FROM python:3.11-slim
WORKDIR /app
# Install dependencies first so this layer is cached between builds
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy the agent script written in the previous section
COPY code_agent.py .
CMD ["python", "code_agent.py"]
EOF
Create the requirements.txt file…
cat > requirements.txt << 'EOF'
anthropic
python-dotenv
EOF
Press Enter after pasting.
In the ai-sandbox-agent folder, you should see Dockerfile and requirements.txt in the list.
Build the Docker image…
docker build -t code-agent .
Then run the image, passing the API key in from the .env file rather than baking it into the image…
docker run -it --env-file .env code-agent
Below is a view of how to interact with your coding agent (Agent Skill) via the command line…
If you head to the Docker Desktop UI, you will see your container listed…
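The container above runs the agent itself, but the code the agent produces is only printed, never executed. The following is an added example (not from the original post or from Anthropic) that takes the agent's reply, pulls out the fenced Python block, and runs it in a fresh throw-away container with the controls listed earlier in the article: restricted filesystem (read-only root, small noexec /tmp), network isolation, CPU/memory/process caps, and a wall-clock time limit. It uses the docker Python SDK installed in the Docker section; the image name, limit values and the helper names are my own choices, and a running Docker daemon is assumed for run_in_sandbox only.

```python
"""Run AI-generated code inside a resource-limited, network-less container.

Added example, not part of the original post. Assumes the `docker` SDK
(pip install docker) and a running Docker daemon for run_in_sandbox();
extract_python_code() and sandbox_run_options() need neither.
"""
import re

SANDBOX_IMAGE = "python:3.11-slim"   # assumed: same base image as the Dockerfile

# Matches the first ```python ... ``` (or ```py / bare ```) block in a reply
FENCE_RE = re.compile(r"```(?:python|py)?[ \t]*\n(.*?)```", re.DOTALL)


def extract_python_code(response_text):
    """Return the body of the first fenced Python block, or None if absent."""
    match = FENCE_RE.search(response_text)
    return match.group(1) if match else None


def sandbox_run_options(memory="256m", cpus=0.5, pids=64, allow_network=False):
    """Keyword arguments for containers.run() that implement the sandbox
    controls: no network, read-only root fs, memory/CPU/process caps,
    all capabilities dropped, unprivileged user, no privilege escalation."""
    return {
        "network_mode": "bridge" if allow_network else "none",
        "read_only": True,
        "tmpfs": {"/tmp": "size=64m,noexec"},   # scratch space, not executable
        "mem_limit": memory,
        "memswap_limit": memory,                # equal to mem_limit: no swap
        "nano_cpus": int(cpus * 1_000_000_000), # 0.5 CPU = 500_000_000
        "pids_limit": pids,                     # stops fork bombs
        "cap_drop": ["ALL"],
        "security_opt": ["no-new-privileges"],
        "user": "65534:65534",                  # nobody:nogroup
        "detach": True,                         # so we can enforce a timeout
    }


def run_in_sandbox(code, timeout_s=10, client=None):
    """Execute `code` with python -c in a new container.

    Returns (exit_code, combined_stdout_stderr, timed_out). The container is
    always removed, so a broken or malicious script leaves nothing behind."""
    import docker  # imported lazily so the pure helpers work without the SDK
    client = client or docker.from_env()
    container = client.containers.run(
        SANDBOX_IMAGE, ["python", "-c", code], **sandbox_run_options()
    )
    timed_out = False
    try:
        exit_code = container.wait(timeout=timeout_s)["StatusCode"]
    except Exception:           # requests ReadTimeout: the time limit hit
        timed_out = True
        container.kill()        # e.g. an infinite loop from the agent
        exit_code = -1
    output = container.logs(stdout=True, stderr=True).decode(errors="replace")
    container.remove(force=True)
    return exit_code, output, timed_out


# Constructed sample reply in the shape run_code_agent() returns
SAMPLE_REPLY = (
    "Here is a script that sums a list:\n"
    "```python\n"
    "nums = [1, 2, 3]\n"
    "print(sum(nums))\n"
    "```\n"
    "Run it with `python sum.py`.\n"
)

if __name__ == "__main__":
    code = extract_python_code(SAMPLE_REPLY)
    rc, out, hit_timeout = run_in_sandbox(code, timeout_s=10)
    print(f"exit={rc} timed_out={hit_timeout}\n{out}")
```

The container runs as an unprivileged user on a read-only root with no network, so generated code that tries to delete files, phone home, or spawn thousands of processes fails at the kernel boundary rather than on your machine; the timeout in run_in_sandbox covers the infinite-loop case that no filesystem or network setting addresses.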
Chief Evangelist @ Kore.ai | I’m passionate about exploring the intersection of AI and language. Language Models, AI Agents, Agentic Apps, Dev Frameworks & Data-Driven Tools shaping tomorrow.
More Resources:
Sandboxing - Claude Code Docs (code.claude.com): learn how Claude Code's sandboxed bash tool provides filesystem and network isolation for safer, more autonomous agent use.
Create custom subagents - Claude Code Docs (code.claude.com): create and use specialized AI subagents in Claude Code for task-specific workflows and improved context management.
Anthropic Says Coding Agents Are Becoming the Universal Everything Agent (cobusgreyling.medium.com)
Anthropic Says Don't Build Agents, Build Skills Instead! (cobusgreyling.medium.com)
Was 2025 the year of Agents? (cobusgreyling.medium.com)