docker-sandbox
Audited by Socket on Feb 23, 2026
1 alert found:
Malware [Skill Scanner] [Documentation context]: Installation of third-party script detected

This skill/documentation is functionally aligned with its stated purpose (running agent LLM tool CLIs inside Docker sandbox containers). It does not contain code that is directly malicious or covert. However, there are moderate supply-chain and credential-exposure risks: long-lived tokens and portable auth.json files being stored and leased into containers, permissive default networking for sandboxes, and the ability to save and reuse templates that may capture state or installed packages. These are operational hazards (credential leakage, template-based propagation of compromised packages) rather than explicit malware. Operators should enforce strict secret lifetimes, network egress restrictions, avoid saving templates containing secrets, and audit any globally installed packages before template publication.

LLM verification: [LLM Escalated] The code and documentation are functionally coherent but present moderate operational and supply-chain risks. The main dangers stem from long-lived/portable credentials, writing raw credentials into sandbox files, bidirectional workspace mounts, default-open network access, and instructions to install and save third-party packages into templates. These factors can enable credential theft or persistent compromise if sandboxes run untrusted code or templates are reused without validation. Recommen
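One of the recommendations above is to avoid saving templates that contain secrets. The following pre-publication check is an added example written for this page; it is not code from docker-sandbox or from Socket. It assumes the template has been exported to a plain directory tree (for example via `docker export` followed by `tar -x`), and it uses a hypothetical list of credential file names and a small set of heuristic token patterns; both lists are assumptions and should be extended for a real deployment. A constructed sample tree is built inline so the script runs offline.

```python
"""Scan an exported sandbox template rootfs for leaked credentials before publishing it.

Added example for the docker-sandbox audit page; not part of the project. The
credential file names and token regexes below are assumptions (heuristics), not a
specification of what docker-sandbox or any CLI writes.
"""
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path

# File names that commonly hold long-lived, portable credentials (hypothetical list).
CREDENTIAL_FILENAMES = {"auth.json", ".npmrc", ".netrc", ".git-credentials", "credentials"}

# Heuristic token shapes: a GitHub-style prefixed token, and a generic key=value
# assignment whose key looks like a secret and whose value is a long opaque string.
TOKEN_PATTERNS = [
    re.compile(r"gh[pousr]_[A-Za-z0-9]{20,}"),
    re.compile(r"(?i)(api[_-]?key|token|secret)\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
]

MAX_SCAN_BYTES = 1 << 20  # only inspect the first MiB of each file


def scan_file(path: Path) -> list[str]:
    """Return human-readable reasons this file should block template publication."""
    reasons: list[str] = []
    if path.name in CREDENTIAL_FILENAMES:
        reasons.append("credential file name")
    try:
        data = path.read_bytes()[:MAX_SCAN_BYTES]
    except OSError:
        return reasons
    if b"\x00" in data:  # treat files with NUL bytes as binary and skip content checks
        return reasons
    text = data.decode("utf-8", errors="replace")
    for pattern in TOKEN_PATTERNS:
        if pattern.search(text):
            reasons.append(f"token-like content matching /{pattern.pattern}/")
            break
    return reasons


def scan_template(root: Path) -> dict[str, list[str]]:
    """Walk the exported rootfs; map each offending file (relative POSIX path) to its reasons."""
    report: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink():  # do not follow links out of the tree
                continue
            reasons = scan_file(full)
            if reasons:
                report[full.relative_to(root).as_posix()] = reasons
    return report


def build_sample_template() -> Path:
    """Construct a small fake rootfs (sample data, not a real template) for demonstration."""
    root = Path(tempfile.mkdtemp(prefix="template-rootfs-"))
    (root / "root" / ".config" / "agent").mkdir(parents=True)
    (root / "etc").mkdir()
    (root / "usr" / "bin").mkdir(parents=True)
    # A leaked long-lived token written as a portable auth.json (constructed value).
    (root / "root" / ".config" / "agent" / "auth.json").write_text(
        '{"token": "ghp_' + "A" * 36 + '"}\n'
    )
    # A registry auth token left behind by a package install (constructed value).
    (root / "root" / ".npmrc").write_text(
        "//registry.npmjs.org/:_authToken=npm_abcdefghijklmnop1234\n"
    )
    # Benign content that must not be flagged.
    (root / "etc" / "hostname").write_text("sandbox\n")
    # A binary: contains NUL bytes, so its contents are not pattern-matched.
    (root / "usr" / "bin" / "tool").write_bytes(b"\x7fELF\x00\x00token=notscanned0123456789\x00")
    return root


if __name__ == "__main__":
    sample_root = build_sample_template()
    findings = scan_template(sample_root)
    for rel_path, reasons in sorted(findings.items()):
        print(f"BLOCK {rel_path}: {'; '.join(reasons)}")
    raise SystemExit(1 if findings else 0)
```

Run it against an exported template before `docker commit`/publish; a non-zero exit means at least one file needs to be removed or the credential needs to be replaced with a short-lived token injected at run time rather than baked into the image.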