docker-sandbox

SUSPICIOUS: the skill’s purpose is coherent and it relies on official Docker/OpenAI/Anthropic tooling, so this is not a malware-like mismatch. However, it instructs the agent to copy raw host auth material, store long-lived tokens, inject them into sandboxed CLIs, and run with default network access; those choices are higher-risk than necessary and only partly supported by official auth docs.