mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-04 23:00:20 +00:00
a0f6b335a4
Replace fragile blocklist validation and printf '%q' escaping in upload_file() with strict allowlist regex [a-zA-Z0-9/_.~-]+ across all non-SSH cloud providers. For codesandbox, additionally migrate from shell command interpolation to SDK filesystem API via environment variables, eliminating the injection surface entirely. Affected clouds: codesandbox, daytona, e2b, fly, koyeb, modal, northflank, railway, render, sprite Fixes #989 Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| lib | ||
| aider.sh | ||
| amazonq.sh | ||
| claude.sh | ||
| cline.sh | ||
| codex.sh | ||
| continue.sh | ||
| gemini.sh | ||
| goose.sh | ||
| gptme.sh | ||
| interpreter.sh | ||
| kilocode.sh | ||
| nanoclaw.sh | ||
| openclaw.sh | ||
| opencode.sh | ||
| plandex.sh | ||
| README.md | ||
CodeSandbox
CodeSandbox Firecracker microVMs via SDK/CLI. CodeSandbox
No SSH — uses CodeSandbox SDK/CLI for exec. Firecracker microVMs with ~2s start. Free tier: 40 hrs/mo on Build plan. Requires npm install -g @codesandbox/sdk.
Agents
Claude Code
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/claude.sh)
OpenClaw
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/openclaw.sh)
Aider
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/aider.sh)
NanoClaw
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/nanoclaw.sh)
Goose
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/goose.sh)
OpenCode
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/opencode.sh)
Plandex
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/plandex.sh)
Gemini CLI
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/gemini.sh)
Amazon Q CLI
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/amazonq.sh)
Cline
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/cline.sh)
Open Interpreter
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/interpreter.sh)
Codex CLI
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/codex.sh)
Non-Interactive Mode
CODESANDBOX_SANDBOX_NAME=dev-mk1 \
CSB_API_KEY=csb_xxxxx \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
bash <(curl -fsSL https://openrouter.ai/labs/spawn/codesandbox/claude.sh)
Authentication
Get your CodeSandbox API key at: https://codesandbox.io/t/api
Enable all scopes when creating the key and export it as:
export CSB_API_KEY=your-key-here