Sandbox Claude Code with Docker
As I adopt more and more AI tools into my daily workflow, one of the concerns that arises is the potential for prompt injection attacks and the execution of arbitrary bash commands on the system.
I try to read all generated code before accepting it into my project and before executing it. There are also background bash commands running to retrieve context on the agent side, which are harder to monitor.
So, I decided to take action and extend my productivity by allowing Claude to move faster without causing any potential harm.
Using Docker as a “Sandbox”
Docker is a great tool to isolate processes, network access, and filesystem access. It allows you to use different OS environments, limit hardware resources, and clone your project files in a volume, allowing you to perform changes on files without accessing the actual host files.
It is perfect for creating an isolated environment for Claude Code to run and execute bash commands and perform file creation and modification inside the constrained filesystem.
So, I came up with the following Dockerfile to create a sandbox environment for Claude Code:
FROM alpine:3
RUN apk add -f -u \
    bat \
    bash \
    ca-certificates \
    curl \
    fd-find \
    git \
    jq \
    npm \
    ripgrep \
    sudo \
    tree
RUN npm install -g @anthropic-ai/claude-code
RUN mkdir -p /workspaces/app
WORKDIR /workspaces/app
This Dockerfile installs Claude Code using the standard approach in an Alpine Linux container.
To run it, I use a docker-compose.yml file to allow me to configure volumes and run the container easily.
services:
  claude:
    build:
      dockerfile: Dockerfile
    volumes:
      - ../:/workspaces/app
    command: sleep infinity
In my repo DeckMaster, where I’m writing a solution to manage Magic: The Gathering cards and decks, I’m running this development environment for Claude, where I can perform my development tasks via the container runtime.
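An added check, not part of the original post or the DeckMaster repo: this Python script audits the resolved form of the docker-compose.yml above for settings that decide how much the container can reach on the host. The sample JSON is constructed in the shape that `docker compose config --format json` prints, with a placeholder host path; the function names and finding rules are this example's own.

```python
import json

# Constructed sample: the compose service from this post, in the shape that
# `docker compose config --format json` prints (host path is a placeholder).
RESOLVED = json.loads("""
{"services": {"claude": {
  "command": ["sleep", "infinity"],
  "volumes": [{"type": "bind", "source": "/home/user/project",
               "target": "/workspaces/app"}]}}}
""")

def audit_service(svc):
    """Return findings for one resolved compose service (empty list = none)."""
    findings = []
    for vol in svc.get("volumes", []):
        if vol.get("type") != "bind":
            continue  # named volumes and tmpfs do not expose host paths
        src, dst = vol.get("source", ""), vol.get("target", "")
        if src.endswith("docker.sock"):
            findings.append(f"docker socket mounted at {dst}")
        elif not vol.get("read_only", False):
            findings.append(f"writable bind mount {src} -> {dst}")
    if svc.get("privileged"):
        findings.append("privileged mode")
    if svc.get("network_mode") == "host":
        findings.append("host network namespace")
    if "ALL" not in [c.upper() for c in svc.get("cap_drop", [])]:
        findings.append("default capabilities kept (no cap_drop: ALL)")
    opts = [o.replace("=", ":") for o in svc.get("security_opt", [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges not set")
    if str(svc.get("user", "")).split(":")[0] in ("", "0", "root"):
        findings.append("runs as root or the image default user")
    for key in ("mem_limit", "pids_limit"):
        if key not in svc:
            findings.append(f"no {key}")
    return findings

def audit(config):
    """Map each service name to its list of findings."""
    return {name: audit_service(svc) for name, svc in config.get("services", {}).items()}

if __name__ == "__main__":
    for name, findings in audit(RESOLVED).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Against a real project, feed it the output of `docker compose config --format json`; for the service above it reports the writable bind mount of the project directory, the kept capabilities, the missing no-new-privileges option, the default user, and the missing memory and PID limits.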