devcontainer-security
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a defensive utility designed to harden development environments against supply chain attacks and container escapes using industry best practices.
- [EXTERNAL_DOWNLOADS]: The configuration fetches Node.js binaries from nodejs.org and the Claude CLI from Anthropic's official claude.ai domain, both of which are well-known and trusted sources.
- [REMOTE_CODE_EXECUTION]: Includes an installation pattern for the Claude CLI using a piped bash script from a trusted vendor. While this pattern is generally scrutinized, it is used here for its intended purpose from an authoritative source.
- [COMMAND_EXECUTION]: The provided utility scripts (run-integration-tests.sh and verify-hardening.sh) use standard system commands and the Docker CLI to perform legitimate environment validation and security auditing.
- [DATA_EXPOSURE]: The skill proactively mitigates data exposure by unsetting sensitive environment variables and cleaning up IPC sockets that could otherwise be leveraged for host access.
Audit Metadata