devcontainer-setup
Audited by Socket on Feb 19, 2026
1 alert found:
Malware [Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

No clear malicious code or backdoor is present in the provided skill description. The design is largely consistent with the stated purpose of generating devcontainer configurations. Security concerns are operational: the skill instructs downloads of runtimes (uv/fnm) without explicit trusted URLs or checksum verification, grants NET_ADMIN capability which raises privilege concerns, and runs project package/install scripts during postCreateCommand (normal for dev environments but a vector for executing malicious repository scripts). Recommend: document trusted binary sources and checksum verification, justify NET_ADMIN or limit capabilities, and warn users that postCreate commands will execute repository scripts and package installers.

LLM verification: The devcontainer-setup skill's declared purpose aligns with its behavior (generating devcontainer configs and running installers). It is not obviously malicious, but it carries moderate supply-chain and privilege risks: it depends on nonstandard installers ('uv'), runs postCreate scripts that can execute arbitrary code and perform destructive filesystem operations (rm -rf), and requests NET_ADMIN and persistent volume mounts. Those elements are disproportionate or high-impact for many use cases