What would it break? It can't do anything that NPM malware wouldn't also do and that's a risk I've already accounted for.
At best someone extracts 0-59 minutes of a session key for my AWS credentials for one development account, boring, whatever source code is currently on the machine, also boring.
There's more risk that vetting someone on Upwork goes wrong and they burn me than Claude does.
Am I blind to the actual risk here? How many of you execute unverified code from libraries without a sandbox?