Imo I don't trust ANY of these tools to run in non-isolated environments.

All of these tools are either

- created by companies powered by VC money that never face consequences for mishandling your data

- community vibecoded with questionable security practices

These tools also need to have a substantial amount of access to be useful so it is really hard to secure even if you try. Constantly prompting for approval leads to alert fatigue and eventually a mistake leading to exfiltration.

I suggest just stick to LXC or VM. Desktop (including linux) userland security is just bad in general. I try to keep most random code I download for one off tasks to containers.