Things like https://github.com/textcortex/claude-code-sandbox seem like the bare minimum. There are a few other projects doing this.

The first threat is making edits to arbitrary files, exfiltrating your SSL keys or crypto wallets. A container solves that by not mounting your sensitive files.

The second threat would be if Claude gets fully owned and really tries to hack out of its container, in which case theoretically docker might not protect you. But that seems quite speculative.