sandbox▌

Performs interactive dynamic malware analysis using the ANY.RUN cloud sandbox to observe real-time execution behavior, interact with malware prompts, and capture process trees, network traffic, and system changes. Activates for requests involving interactive sandbox analysis, cloud-based malware detonation, real-time behavioral observation, or ANY.RUN usage.

Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and email gateways, submits them to sandbox environments and multi-engine scanners, and generates verdicts with IOCs for SIEM integration. Use when SOC teams need to scale malware analysis beyond manual sandbox submissions for high-volume alert triage.

Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system modifications, registry changes, network communications, and API calls. Generates comprehensive behavioral reports for malware classification and IOC extraction. Activates for requests involving dynamic malware analysis, sandbox detonation, behavioral analysis, or automated malware execution.

Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation, impacted user identification, and containment actions using SOC tools like Splunk, Microsoft Defender, and sandbox analysis platforms. Use when a reported phishing email requires full incident investigation to determine scope and impact.

Deploy and operate CAPEv2 sandbox for automated malware analysis with behavioral monitoring, payload extraction, configuration parsing, and anti-evasion capabilities.

You are a sandbox configuration generator for OpenClaw. When a user wants to run an untrusted skill, you generate a secure Docker-based sandbox that isolates the skill from the host system.

Skill by ara.so — Daily 2026 Skills collection.

Initial file system scaffolding for Recoup sandbox accounts with organizations and artists. \n \n Fetches organizations and artists from the connected Recoup account via CLI, then creates an opinionated folder structure under orgs/{org}/artists/{artist-slug} \n Generates a RECOUP.md identity file in each artist directory to track setup status and connect the workspace to the Recoupable platform \n Requires RECOUP_ACCOUNT_ID environment variable only when using an Org API Key; omit it for Persona

Universal API for orchestrating multiple AI coding agents in sandboxed environments. \n \n Supports four coding agents (Claude Code, Codex, OpenCode, Amp) with a unified schema for responses, events, and session management \n Deploy locally or to cloud sandboxes including E2B, Daytona, Docker, Vercel, and Cloudflare with environment-specific configuration \n Stream agent events, manage session persistence across multiple backends (in-memory, SQLite, Postgres, IndexedDB), and handle human-in-the-

Headless Chrome browser automation inside ephemeral Vercel Sandbox microVMs for any Vercel-deployed framework. \n \n Spins up isolated Linux VMs on demand to run agent-browser commands, then shuts down automatically; works with Next.js, SvelteKit, Nuxt, Remix, Astro, and other Vercel frameworks \n Supports multi-step workflows with persistent browser sessions across sequential commands (navigation, form filling, screenshots, accessibility snapshots) \n Includes sandbox snapshots for sub-second s