The Agent Skills Directory

REMOTE_CODE_EXECUTION (CRITICAL): The skill's installation processes in installation-guide.md and automated scripts use curl -fsSL https://code-server.dev/install.sh | sh and curl -fsSL https://tailscale.com/install.sh | sh. Piping unverified remote scripts directly into a shell is a critical vulnerability that allows for arbitrary code execution from remote servers.
CREDENTIALS_UNSAFE (HIGH): The configure-auth.sh script generates and saves the plain-text login password for the IDE in ~/.code-server/.env. While it sets 600 permissions, storing secrets in plain text is a significant security weakness that facilitates local credential theft.
DATA_EXFILTRATION (HIGH): The skill is designed to expose the local environment to the public internet via services like ngrok and Cloudflare. This provides a direct path for remote access to the filesystem and terminal, posing a high risk of data exposure if the session is compromised.
EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads binaries and GPG keys from non-whitelisted domains including code-server.dev, tailscale.com, bin.equinox.io, and pkg.cloudflare.com.
COMMAND_EXECUTION (MEDIUM): Automation scripts (code-server-start.sh, configure-resources.sh) execute sensitive system commands, including pgrep, pkill, nohup, and Windows-boundary commands via cmd.exe to shut down WSL2.
PROMPT_INJECTION (LOW): The skill provides an IDE surface that processes external code. 1. Ingestion points: manage-extensions.sh (stdin) and project files. 2. Boundary markers: Absent. 3. Capability inventory: code-server-start.sh and install.sh (network, subprocess, file-write). 4. Sanitization: Absent.

code-server-remote-ide-wsl2