📋 Prerequisites
📝 Feature Summary
Add support for configurable outbound network access in skills by loading allow/deny domain lists from environment variables and generating an srt runtime settings file.
❓ Problem Statement / Motivation
Currently, the shell skill executes commands through the Anthropic
Sandbox Runtime (srt) but does not expose a way to configure outbound
network access.
Relevant implementation:
https://github.com/kagent-dev/kagent/blob/1088ac2186089356a93e972b83986282006fdbac/python/packages/kagent-skills/src/kagent/skills/shell.py
Because of this limitation:
- Skills cannot safely call external APIs
- Any outbound network access is implicitly restricted
- Developers cannot configure a controlled allowlist for domains
Real-world example
I created a skill that retrieves electricity prices in Spain:
https://github.com/felipevicens/spain-electricity-price-skill
This skill needs to query a public electricity price API. However,
requests fail due to the current network restrictions when running
inside the sandbox.
Who is affected
This affects developers building skills that require outbound access to:
- public APIs
- package registries
- observability services
- GitHub or other developer APIs
Without controlled network access, many practical skills cannot be
implemented.
Why this is needed
Many real-world skills require controlled outbound network access. Without a safe allowlist mechanism, developers must either:
- disable restrictions entirely (unsafe), or
- cannot implement useful API integrations.
A configurable allowlist provides a secure middle ground.
💡 Proposed Solution
Expose outbound network configuration through environment variables,
and have the shell skill generate a runtime srt settings file that
enforces the network policy.
The Anthropic Sandbox Runtime enforces network restrictions via the
network configuration in its settings file.
Example srt configuration:
{
"network": {
"allowedDomains": [
"api.esios.ree.es",
"*.api.esios.ree.es"
],
"deniedDomains": [
"malicious.com"
]
}
}The shell skill would dynamically generate this configuration from
environment variables.
Proposed environment variables
KAGENT_ALLOWED_DOMAINS
KAGENT_DENIED_DOMAINS
Example:
KAGENT_ALLOWED_DOMAINS=api.esios.ree.es,*.api.esios.ree.es
KAGENT_DENIED_DOMAINS=malicious.com
Expected behavior
- The shell skill reads network configuration from environment
variables.
- It generates an
srt settings file containing the network
configuration.
- The sandbox is launched with:
srt --settings <generated-settings.json> sh -c <command>
srt enforces the network policy.
Example implementation concept
settings = {
"network": {
"allowedDomains": parse_env_list("KAGENT_ALLOWED_DOMAINS"),
"deniedDomains": parse_env_list("KAGENT_DENIED_DOMAINS")
}
}The settings file could be generated in a temporary path such as:
/tmp/kagent-srt-settings.json
and reused across executions.
Security considerations
- Default behavior should remain secure by default (no outbound
access).
- If no environment variables are provided, the sandbox should run
with the existing restricted configuration.
deniedDomains should override allowedDomains.- Wildcard domains (e.g.
*.github.com) should be supported.
🔄 Alternatives Considered
No response
🎯 Affected Service(s)
Not Sure
📚 Additional Context
Relevant file that would need modification:
https://github.com/kagent-dev/kagent/blob/1088ac2186089356a93e972b83986282006fdbac/python/packages/kagent-skills/src/kagent/skills/shell.py
Anthropic Sandbox Runtime documentation:
https://github.com/anthropic-experimental/sandbox-runtime
Example real-world skill requiring outbound API access:
https://github.com/felipevicens/spain-electricity-price-skill
Adding this capability would allow developers to build production-ready
skills that integrate with external services while maintaining
controlled and secure network access.
🙋 Are you willing to contribute?
📋 Prerequisites
📝 Feature Summary
Add support for configurable outbound network access in skills by loading allow/deny domain lists from environment variables and generating an
srtruntime settings file.❓ Problem Statement / Motivation
Currently, the shell skill executes commands through the Anthropic
Sandbox Runtime (
srt) but does not expose a way to configure outboundnetwork access.
Relevant implementation:
https://github.com/kagent-dev/kagent/blob/1088ac2186089356a93e972b83986282006fdbac/python/packages/kagent-skills/src/kagent/skills/shell.py
Because of this limitation:
Real-world example
I created a skill that retrieves electricity prices in Spain:
https://github.com/felipevicens/spain-electricity-price-skill
This skill needs to query a public electricity price API. However,
requests fail due to the current network restrictions when running
inside the sandbox.
Who is affected
This affects developers building skills that require outbound access to:
Without controlled network access, many practical skills cannot be
implemented.
Why this is needed
Many real-world skills require controlled outbound network access. Without a safe allowlist mechanism, developers must either:
A configurable allowlist provides a secure middle ground.
💡 Proposed Solution
Expose outbound network configuration through environment variables,
and have the shell skill generate a runtime
srtsettings file thatenforces the network policy.
The Anthropic Sandbox Runtime enforces network restrictions via the
networkconfiguration in its settings file.Example
srtconfiguration:{ "network": { "allowedDomains": [ "api.esios.ree.es", "*.api.esios.ree.es" ], "deniedDomains": [ "malicious.com" ] } }The shell skill would dynamically generate this configuration from
environment variables.
Proposed environment variables
Example:
Expected behavior
variables.
srtsettings file containing thenetworkconfiguration.
srtenforces the network policy.Example implementation concept
The settings file could be generated in a temporary path such as:
and reused across executions.
Security considerations
access).
with the existing restricted configuration.
deniedDomainsshould overrideallowedDomains.*.github.com) should be supported.🔄 Alternatives Considered
No response
🎯 Affected Service(s)
Not Sure
📚 Additional Context
Relevant file that would need modification:
https://github.com/kagent-dev/kagent/blob/1088ac2186089356a93e972b83986282006fdbac/python/packages/kagent-skills/src/kagent/skills/shell.py
Anthropic Sandbox Runtime documentation:
https://github.com/anthropic-experimental/sandbox-runtime
Example real-world skill requiring outbound API access:
https://github.com/felipevicens/spain-electricity-price-skill
Adding this capability would allow developers to build production-ready
skills that integrate with external services while maintaining
controlled and secure network access.
🙋 Are you willing to contribute?