CelestoAI / SmolVM

Secure runtime for AI agents and tools -- free and open-source from Celesto AI 🧡🛡️

151
15
100% credibility
Found Feb 17, 2026 at 30 stars (5x)
Python
AI Summary

SmolVM is a Python library for creating fast, secure virtual machines to safely execute untrusted code from AI agents.

How It Works

1. 📰 Discover safe AI code runner

You hear about SmolVM, a simple way to create secure sandboxes that let AI agents run any code without risking your computer.

2. 🔧 Prepare your setup

Run a quick setup script to get your computer ready for secure virtual spaces on Linux or macOS.

3. 📦 Add the tool

Install SmolVM easily so you can start creating protected environments right away.

4. 🖥️ Launch a sandbox

Create a virtual machine with one line of code, and it boots up super fast with its own network and secure access.

5. 🚀 Run risky code safely

Execute any AI-generated scripts or tools inside the sandbox, watching outputs securely without any danger to your main system.

6. 🔌 Connect and explore

SSH into the virtual space or forward ports to test apps, set custom settings, and manage everything easily.

Everything cleaned up

Stop the sandbox and let it vanish automatically, leaving your computer spotless and ready for the next task.

Star Growth

This repo grew from 30 to 151 stars.
AI-Generated Review

What is SmolVM?

SmolVM delivers a secure runtime environment for AI agents, launching microVMs with hardware isolation via Firecracker on Linux or QEMU on macOS. Developers pip-install the Python package, then use a simple SDK call such as `with SmolVM() as vm: result = vm.run("your-script")` to boot SSH-ready sandboxes, forward ports, inject env vars, and execute untrusted code without host risks. It beats containers for safety, and it auto-builds Debian/Alpine images with tools for secure code execution.

Why is it gaining traction?

Unlike Docker containers, which share the host kernel and its vulnerabilities, SmolVM's KVM-backed isolation suits AI-generated scripts, booting in under a second with NAT networking and cleanup. CLI commands like `smolvm env set` and port exposure via `vm.expose_local()` make it agent-first, rivaling Deno's secure JS runtime but for Python tools. Early buzz around securing GitHub Copilot outputs and actions draws devs seeking container runtime alternatives.

Who should use this?

AI engineers running LLM-generated code in agents, backend teams sandboxing GitHub Actions or Copilot snippets, or ops folks needing secure runtimes for remote auditing without full VMs. Ideal for prototyping secure client runtimes or replacing risky eval() in tools.

Verdict

Promising alpha for secure runtime needs (30 stars, 1.0% credibility), with strong docs, setup scripts, and examples—but sparse tests signal caution for prod. Prototype now if containers feel exposed; watch for maturity.
