> The whole experience was a bit jarring. When it knows I use nix, the thing can easily `nix-shell -p nmap` its way into learning a lot more about my entire network than I am comfortable with. I think I'll edit the Containerfile further to also make Claude Code a user that can't install anything.

Note that putting it in a container changes jack shit: if it still has network access, it can scan your network anyway, and it needs access to install language deps and such to "do its work".

It's a security nightmare.

Every goddamn time with this type of dogshit advice.

Perfect is the enemy of good.

Don't just rawdog a coding agent because a perfectly viable solution (containers) takes an hour or two of work to set up.

There's a world of difference between "it can scan your network" and "I just uploaded my private SSH keys to the cloud".
