alt Hacker NewsI don’t know if the Streisand Effect is relevant here since Anthropic will block any other uses of their private APIs, not just OpenCode. The private Claude Code API was never advertised nor sold as a general purpose API for use with any tool.
OpenCode is an interesting tool but if this is your first time hearing of it you should probably be aware of their recent unauthenticated RCE issues and the slow response they’ve had to fixing it: https://news.ycombinator.com/item?id=46581095 They say they’re going to do better in the future but it’s currently on my list of projects to keep isolated until their security situation improves.
Replies
A coding agent is just a massive RCE, what do you think happens when claude gets prompt injected? Although I don't defend not fixing an RCE.
Absolutely all coding agents should be run in sandboxed containers, 24/7, if you do otherwise, please don't cry when you're pwned.
Imo I don't trust ANY of these tools to run in non-isolated environments.
All of these tools are either
- created by companies powered by VC money that never face consequences for mishandling your data
- community vibecoded with questionable security practices
These tools also need to have a substantial amount of access to be useful so it is really hard to secure even if you try. Constantly prompting for approval leads to alert fatigue and eventually a mistake leading to exfiltration.
I suggest just stick to LXC or VM. Desktop (including linux) userland security is just bad in general. I try to keep most random code I download for one off tasks to containers.