modal-sandboxes-knowledge
Installation
SKILL.md
Modal Sandboxes Knowledge
Use this skill for Modal Sandbox design, security, and operations. For ordinary functions, GPU jobs, or deployment topics, use modal-compute:modal-compute-knowledge.
Essential security checklist
- Treat all submitted code and files as untrusted.
- Use explicit timeout, CPU, memory, and disk constraints.
- Prefer deny-by-default network egress; allow only required destinations.
- Clean up every sandbox with
terminate()or a scoped lifecycle. - Avoid passing long-lived credentials into sandbox environments unless strictly required.
- Capture stdout/stderr and return codes separately for auditing and debugging.
Common patterns
- One-shot execution: create a sandbox, run a command, collect output, terminate.
- Named sandbox: reuse a per-session sandbox for interactive workflows.
- PTY session: support shell-like interaction while preserving resource limits.
- Snapshot workflow: prebuild filesystem state, then launch from a known baseline.