Hacker News

I get this but then in practice the only actually valuable stuff on my computer is... the code and data in my dev containers. Everything else I can download off the Internet for free at any time.


No.

Most valuable data on your system for a malware author is login cookies and saved auth tokens of various services.


Maybe keylogging for online services.

But it is true that work and personal machines have different threat vectors.


Yes, but I'm willing to bet most workers don't follow strict digital life hygiene and cross-contaminate all the time.


You don't have any stored passwords? Any private keys in your `.ssh/`? DB credentials in some config files? And the list goes on and on.


I don't store passwords (that always struck me as defeating the purpose) and my SSH keys are encrypted.


This kind of mentality, and "seems a bit excessive to sandbox a command that really just downloads arbitrary code", is why the JS ecosystem is so prone to credential theft. It's actually insane to read stuff like that said out loud.


Right, but the opposite mentality winds up putting so many of the eggs in the basket of the container that it defeats a lot of the purpose of the container.



