At minimum this thing should be installed in its own VM. I shudder to think of people running this on their personal machine…

I’ve been toying around with it and the only credentials I’m giving it are specifically scoped down and/or are new user accounts created specifically for this thing to use. I don’t trust this thing at all with my own personal GitHub credentials or anything that’s even remotely touching my credit cards.