modal-sandbox
Fail
Audited by Socket on Mar 8, 2026
1 alert found:
Obfuscated File (HIGH)
SKILL.md
Benign overall, with normal risk for a tool that runs untrusted code in isolated sandboxes and exposes services via tunnels. The footprint is coherent with the stated purpose, but the combination of long-lived controller processes, public service exposure, and runtime file uploads increases risk if access controls are misconfigured or secrets are mishandled. Recommended: explicit secret management guidance, safe defaults for network exposure (tighten cidr_allowlist, require create_connect_token with scoped access), and clear prompts to the user about sandbox lifecycle actions that have real-world effects.
Confidence: 98%
Audit Metadata