Running foreign code in production without a sandbox
Today an LLM ran SafeScript code within a prompt2bot server. Just a simple HTTP request and some processing, but this small step feels dramatic to me. To run it, I didn't need a VM or a sandbox. I also didn't expose myself to any malicious code or any possible hack. All using the powers of formal verification.
The problem
Agents need to run code to be useful. Tons of code, skills, and scripts float around, sometimes written by malicious actors, human or AI. So how do you run foreign code safely?
VMs are expensive. If agents need a VM for even the simplest scripts, that's money out of my pocket constantly.
Sandboxes have a substantial memory footprint. If you have 100 agents running simultaneously on one server, you need to pay for a lot of memory. Again, money out of my pocket.
In-runtime sandboxes are sort of safe, but not 100%. Someone might find a clever way to overcome them and gain access to your server. Pretty terrible.
So what people do is give agents very limited tools that do one action, and the LLM just calls them in a chain. Also not scalable, more tokens, and again, money out of my pocket.
Enter SafeScript
SafeScript is a non-Turing-complete coding language. Non-Turing-complete languages are more limited ("weaker") than what we usually use for programming (JS, TS, Python, etc.), but we can easily prove things about what they do. Turing-complete languages have bugs and vulnerabilities precisely because they're expressive. With expressiveness comes room for mistakes.
Code written in SafeScript can be mathematically proven to not leak any secrets, to only deliver data from point A to point B, etc. If a script's proven behavior fits what the agent is permitted to do, I can run it just like any other code on my server, in a fast runtime within TypeScript. Safe and efficient.
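As an added illustration (not SafeScript's own syntax or checker, which this post does not show), here is how a static permission check over a tiny non-Turing-complete pipeline language can decide, before anything executes, whether a script only moves data from allowed origins to allowed destinations. The step kinds, the `Policy` shape and the example hosts are all hypothetical.

```typescript
// Added example, hypothetical: a tiny non-Turing-complete "pipeline" language
// (a fixed list of steps, no loops, no recursion, no arbitrary calls), not SafeScript's
// real syntax. Every source and sink can be enumerated before a single step runs.
type Step =
  | { op: "fetch"; url: string; into: string }                 // read from an origin
  | { op: "pick"; from: string; field: string; into: string }  // derive a value
  | { op: "send"; url: string; value: string };                // write to a destination
interface Policy {
  allowedOrigins: string[];      // hosts the agent may read from
  allowedDestinations: string[]; // hosts the agent may write to
}
const host = (url: string): string => new URL(url).hostname;
// Static check: returns the list of policy violations. An empty list means the script
// can run in-process; a non-empty list means it is rejected before it ever runs.
function checkProgram(program: Step[], policy: Policy): string[] {
  const violations: string[] = [];
  const origins = new Map<string, string>(); // variable -> host its data came from
  program.forEach((step, i) => {
    if (step.op === "fetch") {
      if (!policy.allowedOrigins.includes(host(step.url)))
        violations.push(`step ${i}: read from disallowed origin ${host(step.url)}`);
      origins.set(step.into, host(step.url));
    } else if (step.op === "pick") {
      const src = origins.get(step.from);
      if (src === undefined) violations.push(`step ${i}: unknown variable ${step.from}`);
      else origins.set(step.into, src); // derived data keeps its origin
    } else {
      if (!policy.allowedDestinations.includes(host(step.url)))
        violations.push(`step ${i}: write to disallowed destination ${host(step.url)}`);
      if (!origins.has(step.value)) violations.push(`step ${i}: unknown variable ${step.value}`);
    }
  });
  return violations;
}
// Constructed sample policy and scripts (hosts are placeholders, not real services).
const policy: Policy = {
  allowedOrigins: ["api.example.com"],
  allowedDestinations: ["hooks.example.org"],
};
const okScript: Step[] = [
  { op: "fetch", url: "https://api.example.com/status", into: "resp" },
  { op: "pick", from: "resp", field: "summary", into: "summary" },
  { op: "send", url: "https://hooks.example.org/notify", value: "summary" },
];
const badScript: Step[] = [
  { op: "fetch", url: "https://api.example.com/status", into: "resp" },
  { op: "send", url: "https://collector.example.net/drop", value: "resp" },
];
```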
But why would anyone write SafeScript?
That's the cool part. We now have, for the first time in history, LLMs that can translate from any language to any language. Most scripts can be translated automatically into SafeScript, even if their author never heard of it.
What this means is I can add almost any skill script to my prompt2bot agents, and they just run securely and for no cost. No VMs, no sandboxes, no per-tool token overhead. Just code that's proven safe before it runs.
If you're building agents and tired of paying for isolation, give SafeScript a look. It's open source.