I put Claude Code inside docker (on a remote throwaway vm) to protect against supply chain attacks when it does something like 

, but as I gamed that out, there were indeed many more things to protect against (like copy claude's config file into the image) and I'm still not confident about it.

I should really build my own cli if I want to use this.

Agentic ProbLLMs: Exploiting AI Computer-Use And Coding Agents

0xbitcoiner

I put Claude Code inside docker (on a remote throwaway vm) to protect against supply chain attacks when it does something like `npm i`, but as I gamed that out, there were indeed many more things to protect against (like copy claude's config file into the image) and I'm still not confident about it.

I should really build my own cli if I want to use this.