Ghostbox provisions ephemeral SSH-accessible dev machines by borrowing compute from GitHub Actions and other free-tier sources, then discards them when work is done.
Key Takeaways
Install via CLI or curl | bash; machines expose shell, repo, packages, network, and preview URLs without touching your laptop.
Designed for agent workloads: give a coding agent a real disposable machine, scoped secrets, and a preview URL that expires automatically.
GitHub Actions is framed as the first compute source; the roadmap implies harvesting other “pockets of temporary compute” across the internet.
No persistent platform, no sysadmin overhead; the pitch is zero server footprint after the session ends.
Hacker News Comment Review
Commenters immediately flagged ToS risk: using GitHub Actions as free compute almost certainly violates GitHub’s terms, and the GitHub repo appeared to go 404 shortly after posting, suggesting a takedown.
Security concerns dominate: curl | bash install combined with unknown compute provenance and opaque secret handling gives operators no visibility into what logs, profiles, or exfiltration may occur on the host machine.
The project has no public source code, only a releases repo with binaries, which compounds trust concerns when the install script itself was already returning 404 for some users.
Notable Comments
@cobertos: supply-side incentives misalign when you don’t know which provider hosts your workload, reducing operator accountability for secret handling.
@pvitz: Segfault by THC offers a comparable disposable SSH machine as an established alternative.
