| kasey_junk 6 days ago |
| I definitely think running agents in sandboxes is the way to go. That said, Claude Code does not have free reign to run commands out of the gate. |
|
| fwip 5 days ago |
| Pet peeve - it's free rein, not free reign. It's a horse-riding metaphor. |
| |
| 0cf8612b2e1e 5 days ago |
| Bah, well I have been using that incorrectly my entire life. A monarchy/ruler metaphor seems just as logical. |
|
|
| sneak 6 days ago |
| Yes it does; you are thinking of agent tool calls. The software package itself runs as your uid and can do anything you can do (except on macOS where reading of certain directories is individually gated). |
| |
| otterley 6 days ago |
| Claude Code is an agent. It will not call any tools or commands without your prior consent. Edit: unless you pass it an override like --dangerously-skip-permissions, as this malware does. https://www.stepsecurity.io/blog/supply-chain-security-alert... |
| kasey_junk 5 days ago |
| Ok, but that’s true of _any_ program you install so isn’t interesting. I don’t think the current agent tool call permission model is _right_ but it exists, so saying by default it will freely run those calls is less true of agents than other programs you might run. |
|