stagalooo 5 days ago

One easy way to accidentally give Claude permission to do almost anything is to tell it that it’s allowed to run “find” without confirmation.

Claude is constantly searching through your files and approving every find command is annoying.

The problem is, find has a --exec flag that lets it run arbitrary bash commands. So now Claude can basically do anything it wants.

I have really been enjoying Claude in a container in yolo mode though. Seems like the main risk I am taking is data exfiltration since it will have unfettered access to the internet.
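One defensive way to keep a `find` allowlist from becoming a blanket shell grant, as an added example (editor's code, not the commenter's and not part of any Claude Code feature): a pre-approval check that only auto-approves read-only `find` invocations. The function name `check_find_command` is assumed; the blocked action list comes from the GNU find(1) manual, and shell operators or substitutions anywhere in the line are rejected as well.

```python
import os
import shlex

# GNU find "actions" that run a program, delete files, or write to a file
# (see find(1)); a plain search never needs any of these.
UNSAFE_ACTIONS = {
    "exec", "execdir", "ok", "okdir",       # run an arbitrary program per match
    "delete",                               # remove matched files
    "fls", "fprint", "fprint0", "fprintf",  # write output to an arbitrary path
}
SHELL_PUNCT = set("();<>|&")  # operators that chain into another command

def check_find_command(cmd: str):
    """Return (approved, reason) for a proposed `find` command line.

    Approves only a bare, read-only find; anything that could execute a
    program, modify files, or hand off to a second command is refused
    and should fall back to manual confirmation.
    """
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError as err:  # unbalanced quotes etc.
        return False, f"unparseable command: {err}"
    if not tokens or os.path.basename(tokens[0]) != "find":
        return False, "not a bare find invocation"
    for tok in tokens[1:]:
        if tok and set(tok) <= SHELL_PUNCT:
            return False, f"shell operator {tok!r} chains into another command"
        if "$" in tok or "`" in tok:
            return False, f"command substitution in {tok!r}"
        # Accept both -exec and --exec spellings when matching action names.
        if tok.startswith("-") and tok.lstrip("-") in UNSAFE_ACTIONS:
            return False, f"find action {tok!r} can run commands or modify files"
    return True, "read-only find"

if __name__ == "__main__":
    # Constructed sample command lines an agent might propose.
    for line in ['find . -name "*.py"',
                 'find /etc -name "*.conf" -exec cat {} \\;',
                 "find . -name '*.log' -delete",
                 'find . -name "*.py" | xargs wc -l']:
        print(check_find_command(line), "<-", line)
```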