diff --git a/typed-racket-lib/typed/racket/unsafe.rkt b/typed-racket-lib/typed/racket/unsafe.rkt
index 25e80cf8..05014e53 100644
--- a/typed-racket-lib/typed/racket/unsafe.rkt
+++ b/typed-racket-lib/typed/racket/unsafe.rkt
@@ -2,8 +2,8 @@
 ;; This module provides unsafe operations for Typed Racket
-(provide unsafe-provide
- unsafe-require/typed)
+(provide (protect-out unsafe-provide
+ unsafe-require/typed))
 (require (for-syntax racket/base typed-racket/private/syntax-properties
diff --git a/typed-racket-test/fail/sandboxed-unsafe-ops.rkt b/typed-racket-test/fail/sandboxed-unsafe-ops.rkt
new file mode 100644
index 00000000..df16b4d1
--- /dev/null
+++ b/typed-racket-test/fail/sandboxed-unsafe-ops.rkt
@@ -0,0 +1,15 @@
+#;
+(exn-pred #rx"access disallowed by")
+#lang racket/base
+
+;; This test checks that TR's unsafe libraries are not accessible
+;; from a sandboxed context
+
+(require racket/sandbox)
+
+(parameterize ([sandbox-memory-limit 1000])
+ (define eval (make-evaluator 'typed/racket))
+ (eval '(require typed/racket/unsafe))
+
+ ;; should fail
+ (eval '(unsafe-require/typed racket/base [values 3])))
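Review bot: The `protect-out` wrapper on the `provide` form carries the whole sandbox guarantee but has no comment saying so, so a later tidy-up of the export list could drop it without anyone noticing the security regression. A line above the form such as `;; protect-out: only code running under a sufficiently powerful code inspector may use these; sandboxed code must not reach them` would record the intent. The protection also only covers this module's exports: if the same forms are re-exported or reachable from another module without `protect-out`, sandboxed code could presumably still get at them, which is worth confirming against the modules named in the `require` that follows (that form continues outside the hunk).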
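Review bot: Only `unsafe-require/typed` is exercised, at the final `eval`, although the commit protects `unsafe-provide` as well, so a regression that unprotects just that export would pass unnoticed; a sibling test under `fail/` for `unsafe-provide` would close the gap. The predicate `#rx"access disallowed by"` is also satisfied by an exception from either `eval`, so the `;; should fail` comment is not enforced. If the `require` is meant to succeed and only the use is rejected, a comment on that line such as `;; requiring the module is allowed; only using a protected binding is rejected` would make this explicit (confirm that this is the actual behaviour). The `sandbox-memory-limit 1000` setting is unexplained; a short comment on why the default is overridden would help the next reader.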