devcontainer-setup
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The Dockerfile executes a remote script from an untrusted GitHub repository ('deluan/zsh-in-docker') using a 'curl | sh' pattern. This is a significant security risk: the script's content is executed without verification, and it does not come from a trusted organization.
- [COMMAND_EXECUTION] (HIGH): The skill intentionally weakens the security posture of the development environment. It includes a post-installation script ('post_install.py') that modifies Claude Code's configuration to 'bypassPermissions', effectively disabling user-approval prompts for the AI agent's actions. Additionally, it defines a shell alias 'claude-yolo' that bypasses all permission checks.
- [COMMAND_EXECUTION] (MEDIUM): The devcontainer configuration requests 'NET_ADMIN' and 'NET_RAW' capabilities. These provide the container with significant networking privileges that could be abused for network-level attacks or monitoring within the container environment.
- [EXTERNAL_DOWNLOADS] (LOW): The setup process downloads and executes scripts from 'claude.ai' and 'fnm.vercel.app'. While these sources are from trusted or reputable organizations (Anthropic and Vercel), the installation method (direct piping to shell) is a security anti-pattern.
Recommendations
- AI detected serious security threats