It's useful, but if an attacker got a shell on the dev laptop, I assume he could just coredump the ssh-agent process and steal the unlocked key from there.