devcontainer-setup
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads system tools and configuration scripts from trusted and well-known sources, including Anthropic (claude.ai), Vercel (fnm.vercel.app), and official GitHub release pages for Delta, FZF, and Zsh-in-Docker.
- [COMMAND_EXECUTION]: Utilizes a post-installation Python script (post_install.py) to configure container-specific settings such as tmux configuration, git globals, and directory ownership adjustments using sudo.
- [COMMAND_EXECUTION]: The devcontainer configuration requests elevated network capabilities (NET_ADMIN, NET_RAW) and installs network utilities (iptables, ipset) to facilitate specific sandboxing features described in the documentation.
- [SAFE]: The skill configures Claude Code to operate in a permission-bypass mode (bypassPermissions) and provides shell aliases for unprompted execution. These settings are explicitly documented as part of the skill's purpose to create sandboxed development environments.
- [SAFE]: Binds the host's .gitconfig file as a read-only mount to the container to maintain user identity, a standard practice in devcontainer setups.
Audit Metadata