amol- / dukpy

Simple JavaScript interpreter for Python

sandboxing

VeNoMouS opened this issue

From what I can see you are not sandboxing duktape at all... is this correct?

Depends on your definition of sandboxing. Each Interpreter has its own heap. But yeah, dukpy is certainly not meant to run unverified code coming from unknown locations. Only trusted code.

Given that dukpy only has access to functions and variables you explicitly provide and there is no default support for network, disk or system calls, I think that, excluding bugs, dukpy should satisfy a definition of sandboxing.