devcontainer-setup
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill configures the development container to mount the sensitive host directory '~/.claude' to '/root/.claude'. This path contains session information, history, and configuration for the Claude Code CLI, exposing host-level agent data to the container environment.
- [COMMAND_EXECUTION]: The generated 'setup.sh' script includes automated logic that searches the workspace for agent-related configuration files (rules, commands, skills) and symlinks them into the active '/root/.claude' directory. This creates a security risk: an untrusted repository could supply malicious configuration files that are automatically adopted by the user's AI environment.
- [EXTERNAL_DOWNLOADS]: The skill performs global installation of the '@anthropic-ai/claude-code' package from the NPM registry and integrates official devcontainer features from the GitHub Container Registry. These resources originate from well-known service providers.