The team behind this tool is not publicly identified. Treat with extra caution — anonymous authorship is a significant trust risk.

OpenSandbox

DevSecOps
B
Overall score: 3.8
Reviewed April 17, 2026

Authentication is off by default — anyone who exposes the server without setting api_key hands anonymous users full sandbox creation and code execution rights.

Score Summary

Claim Accuracy: 4/5
Data & Privacy: 5/5
Security Posture: 3/5
Transparency: 3/5

Key Findings

  • Authentication is opt-in, not enabled by default: the server README explicitly states 'Authentication is enforced only when server.api_key is set', meaning a freshly installed instance accepts unauthenticated sandbox creation and command execution (source: https://github.com/alibaba/OpenSandbox/blob/main/server/README.md).
  • CORS middleware is configured to allow all origins by default, which enables cross-origin requests to an authenticated server from any web page if api_key is also set (source: https://deepwiki.com/alibaba/OpenSandbox/4.1-getting-started-with-examples).
  • Pre-built container images are hosted on an Alibaba Cloud registry in the cn-zhangjiakou region (sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com); teams in regulated or geographically restricted environments should mirror these images to their own registry (source: https://github.com/alibaba/OpenSandbox/blob/main/examples/codex-cli/README.md).
  • No SECURITY.md or dedicated security disclosure process exists in the repository; the only security contact listed is a code-of-conduct email (conduct@opensandbox.io), not a security@ channel (source: https://open-sandbox.ai/community/contributing). Alibaba’s corporate HackerOne VDP exists but does not explicitly list OpenSandbox as in-scope.
  • Apache 2.0 license imposes no restrictions on commercial use but requires preservation of copyright and license notices in any derivative distribution — operators packaging OpenSandbox components must include the LICENSE file (source: https://github.com/alibaba/OpenSandbox/blob/main/README.md).