Show HN: GhostBox – Borrow a disposable little machine from the Global Free Tier

TLDR

  • GhostBox CLI provisions ephemeral SSH-accessible dev machines by siphoning GitHub Actions runners, designed for agent workloads and dirty builds.

Key Takeaways

  • Install via curl -fsSL https://www.ghost.charity/install.sh | bash; SSH in, run work, let the machine expire.
  • Primary use cases: isolating weird builds from your laptop, giving coding agents a real shell with scoped secrets, and exposing preview URLs without local tunnel risk.
  • The “Global Free Tier” concept abstracts multiple sources of spare compute; GitHub Actions is framed as only the first backend.
  • Agent-specific features include scoped secret passing, preview URL exposure, session logs, and automatic cleanup on expiry.
  • No persistent platform or sysadmin required; compute is borrowed and returned.

Hacker News Comment Review

  • Strong consensus that routing workloads through GitHub Actions runners violates or at minimum strains GitHub’s Terms of Service. The GitHub repos were disabled shortly after the post went live.
  • Commenters raised supply-side trust problems: when the underlying compute source is opaque, the operator has a weaker incentive to protect secrets, logs, or workload behavior from exfiltration.
  • The founder replied that the ToS concern is mistaken and expects GitHub to restore the repos, but no authoritative confirmation was present in the thread.

Notable Comments

  • @cobertos: If you don’t know where your workload is deployed, the operator has less incentive to respect your secrets or activity logs.
  • @fhn: Flags curl-pipe-bash plus unknown free compute as a vector for training data harvesting or secret collection.