devcontainer-setup

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The resources/post_install.py script executes shell commands via subprocess.run with sudo to adjust directory ownership for mounted volumes. This is a standard procedure in devcontainer environments to ensure the non-root user can access persistent data.
  • [EXTERNAL_DOWNLOADS]: The resources/Dockerfile downloads scripts and binaries from trusted organizations and well-known services, including Anthropic (Claude Code), Vercel (fnm), Microsoft (base images), and Astral (uv). It uses cryptographic SHA256 digests for base images to ensure supply chain integrity.
  • [PRIVILEGE_ESCALATION]: The resources/devcontainer.json configuration grants NET_ADMIN and NET_RAW capabilities to the container. This allows the use of network management tools like iptables and ipset, which is intended for network isolation and security testing within the sandbox.
  • [SAFE]: The skill configures Claude Code with bypassPermissions and provides a claude-yolo alias. This intentionally disables confirmation prompts for tool execution to streamline the developer experience within the isolated container environment.
  • [SAFE]: The resources/install.sh helper script includes a security check (check_no_sys_admin) to prevent users from adding SYS_ADMIN capabilities, which would compromise the security of read-only volume mounts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 01:45 PM