AI Skill Hub 强烈推荐:zerobox MCP工具 是一款优质的MCP工具。AI 综合评分 8.2 分,在同类工具中表现稳健。如果你正在寻找可靠的MCP工具解决方案,这是一个值得深入了解的选择。
轻量级跨平台进程沙箱工具,基于OpenAI Codex运行时设计。专为AI代理和LLM应用提供安全隔离执行环境,支持MCP协议集成,适合需要代码执行隔离的开发者和AI应用构建者。
zerobox MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
轻量级跨平台进程沙箱工具,基于OpenAI Codex运行时设计。专为AI代理和LLM应用提供安全隔离执行环境,支持MCP协议集成,适合需要代码执行隔离的开发者和AI应用构建者。
zerobox MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/afshinm/zerobox
# 方式二:手动配置 claude_desktop_config.json
{
"mcpServers": {
"zerobox-mcp--": {
"command": "npx",
"args": ["-y", "zerobox"]
}
}
}
# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
# 安装后在 Claude 对话中直接使用 # 示例: 用户: 请帮我用 zerobox MCP工具 执行以下任务... Claude: [自动调用 zerobox MCP工具 MCP 工具处理请求] # 查看可用工具列表 # 在 Claude 中输入:"列出所有可用的 MCP 工具"
// claude_desktop_config.json 配置示例
{
"mcpServers": {
"zerobox_mcp__": {
"command": "npx",
"args": ["-y", "zerobox"],
"env": {
// "API_KEY": "your-api-key-here"
}
}
}
}
// 保存后重启 Claude Desktop 生效
Lightweight, cross-platform process sandboxing powered by OpenAI Codex's sandbox runtime.
<p align="center"> <a href="https://www.youtube.com/watch?v=wZiPm9BOPCg" target="_blank" title="Watch the video"> <img alt="Zerobox Sandbox Flow" src="packages/zerobox/assets/flow.svg" alt="Watch the video" style="width: 100%; max-width: 1135px;" /> </a> </p>
| Channel | Command |
|---|---|
| Shell (macOS / Linux) | curl -fsSL https://raw.githubusercontent.com/afshinm/zerobox/main/install.sh \| sh |
| npm | npm install -g zerobox |
| PyPI | pip install zerobox |
| Cargo | cargo install zerobox |
| From source | git clone https://github.com/afshinm/zerobox && cd zerobox && ./scripts/sync.sh && cargo build --release -p zerobox |
Run a build with network access but writes confined to ./dist:
zerobox --allow-write=./dist --allow-net -- npm run build
Run tests with no network and catch accidental external calls:
zerobox --allow-write=/tmp -- npm test
Run a command with no writes and no network access:
zerobox -- node -e "console.log('hello')"
Allow writes to a specific directory:
zerobox --allow-write=. -- node script.js
Allow network to a specific domain:
zerobox --allow-net=api.openai.com -- node agent.js
Pass a secret to a specific host and the inner process never sees the real value:
zerobox --secret OPENAI_API_KEY=sk-proj-123 --secret-host OPENAI_API_KEY=api.openai.com -- node agent.js
Record filesystem changes and undo them after execution:
zerobox --restore --allow-write=. -- npm install
Or record without restoring, then inspect and undo later:
zerobox --snapshot --allow-write=. -- npm install
zerobox snapshot list
zerobox snapshot diff <session-id>
zerobox snapshot restore <session-id>
For programmatic usage jump to the SDK that matches your stack:
By default only essential variables are passed to the sandbox, e.g. PATH, HOME, USER, SHELL, TERM, LANG.
Inherit all parent env vars:
zerobox --allow-env -- node app.js
Inherit specific env vars only:
zerobox --allow-env=PATH,HOME,DATABASE_URL -- node app.js
Block specific env vars:
zerobox --allow-env --deny-env=AWS_SECRET_ACCESS_KEY -- node app.js
Or set explicit variables:
zerobox --env NODE_ENV=production --env DEBUG=false -- node app.js
| Flag | Example | Description |
|---|---|---|
--allow-read <paths> | --allow-read=/tmp,/data | Restrict readable user data to listed paths. System libraries remain accessible. Default: all reads allowed. |
--deny-read <paths> | --deny-read=/secret | Block reading from these paths. Takes precedence over --allow-read. |
--allow-write [paths] | --allow-write=. | Allow writing to these paths. Without a value, allows writing everywhere. Default: no writes. |
--deny-write <paths> | --deny-write=./.git | Block writing to these paths. Takes precedence over --allow-write. |
--allow-net [domains] | --allow-net=example.com | Allow outbound network. Without a value, allows all domains. Default: no network. |
--deny-net <domains> | --deny-net=evil.com | Block network to these domains. Takes precedence over --allow-net. |
--env <KEY=VALUE> | --env NODE_ENV=prod | Set env var in the sandbox. Can be repeated. |
--allow-env [keys] | --allow-env=PATH,HOME | Inherit parent env vars. Without a value, inherits all. Default: only PATH, HOME, USER, SHELL, TERM, LANG. |
--deny-env <keys> | --deny-env=SECRET | Drop these parent env vars. Takes precedence over --allow-env. |
--secret <KEY=VALUE> | --secret API_KEY=sk-123 | Pass a secret. The process sees a placeholder. The real value is injected at the proxy for approved hosts. |
--secret-host <KEY=HOSTS> | --secret-host API_KEY=api.openai.com | Restrict a secret to specific hosts. Without this, the secret is substituted for all hosts. |
-A, --allow-all | -A | Grant all filesystem and network permissions. Env and secrets still apply. |
--no-sandbox | --no-sandbox | Disable the sandbox entirely. |
--strict-sandbox | --strict-sandbox | Require full sandbox (bubblewrap). Fail instead of falling back to weaker isolation. |
--debug | --debug | Print sandbox config and proxy decisions to stderr. |
--snapshot | --snapshot | Record filesystem changes during execution. |
--restore | --restore | Record and restore tracked files to pre-execution state after exit. Implies --snapshot. |
--snapshot-path <paths> | --snapshot-path=./src | Paths to track for snapshots (default: cwd). |
--snapshot-exclude <patterns> | --snapshot-exclude=build | Exclude patterns from snapshots. |
-C <dir> | -C /workspace | Set working directory for the sandboxed command. |
-V, --version | --version | Print version. |
-h, --help | --help | Print help. |
| Language | Package | README |
|---|---|---|
| Rust | [zerobox on crates.io](https://crates.io/crates/zerobox) | [crates/zerobox/README.md](crates/zerobox/README.md) |
| TypeScript / Node | [zerobox on npm](https://www.npmjs.com/package/zerobox) | [packages/zerobox/README.md](packages/zerobox/README.md) |
| Python | [zerobox on PyPI](https://pypi.org/project/zerobox/) | [sdks/python/README.md](sdks/python/README.md) |
zerobox作为MCP生态的核心安全工具,设计精妙、轻量高效。Rust实现确保性能和安全,适合规模化AI应用部署,维护活跃度良好。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ Apache 2.0 — 宽松开源协议,可商用,需保留版权声明和 NOTICE 文件,含专利授权条款。
总体来看,zerobox MCP工具 是一款质量优秀的MCP工具,在同类工具中具备一定竞争力。AI Skill Hub 将持续追踪其更新动态,建议收藏备用,结合自身场景选择合适时机引入使用。
| 原始名称 | zerobox |
| 原始描述 | 开源MCP工具:Lightweight, cross-platform process sandboxing powered by OpenAI Codex's runtime。⭐598 · Rust |
| Topics | 进程沙箱代码隔离AI安全MCP工具跨平台 |
| GitHub | https://github.com/afshinm/zerobox |
| License | Apache-2.0 |
| 语言 | Rust |
收录时间:2026-05-17 · 更新时间:2026-05-19 · License:Apache-2.0 · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端