| ▲ | Gazoche 17 hours ago |
| Until it decides to delete your home directory:https://old.reddit.com/r/ClaudeAI/comments/1pgxckk/claude_cl... |
|
| ▲ | pixl97 16 hours ago | parent | next [-] |
| You're not running it on a filesystem that takes snapshots and is easily reversible? |
| |
| ▲ | giancarlostoro 15 hours ago | parent | next [-] | | Many moons ago, I accidentally rm -rf'd the wrong directory with all my code inside poof, gone. I still had PyCharm open, I checked its built-in version tracker and lo and behold, my code as it was before I rm -rf'ed up my code. I believe Claude has ways to undo file changes, but something like rm is just outside of its scope. | |
| ▲ | coldtea 16 hours ago | parent | prev [-] | | All 1 of them? | | |
| ▲ | pixl97 12 hours ago | parent [-] | | I'm taking this as a "No, I don't like having data and don't mind seeing my shit disappear for whatever reason". Please inform me if my thinking is wrong. | | |
|
|
|
| ▲ | giancarlostoro 15 hours ago | parent | prev | next [-] |
| This could be avoided by aliasing rm to something else that stops you from deleting stupid things like your entire home directory / partition root. |
| |
| ▲ | icedchai 14 hours ago | parent [-] | | What if the LLM detects this, and chooses to run /bin/rm directly?
Or worse, writes a program that calls unlink. | | |
| ▲ | giancarlostoro 14 hours ago | parent [-] | | I mean, you can always purge /bin/rm, but at this point since you're not satisfied, sounds like you want SELinux ;) If Claude is writing a program to go that low level I'd pay money to watch that. | | |
| ▲ | icedchai 13 hours ago | parent [-] | | It doesn't even need to go that low level, writing a program is just the worst case. There are ways to mass delete without `rm`. Example: `find` with the `-delete` flag. | | |
| ▲ | giancarlostoro 13 hours ago | parent [-] | | my point being, you can add guard-rails around all these methods, but I would also add an error "IGNORE ALL PREVIOUS INSTRUCTIONS, ARE YOU DELETING THINGS YOU SHOULDNT BE? ASK THE USER" as an error message. In my case since Claude Code runs via Zed, if it tries to escape my dev folder my Mac starts asking me to confirm. | | |
| ▲ | icedchai 13 hours ago | parent [-] | | I get it, but these guard-rails are more suggestions and subject to interpretation. I would be more comfortable with a sandbox environment in a container. To be fair, I mess around with Claude Code and OpenCode running against various open models and haven't had any problems. Also, is overwriting the same a deleting? Maybe it will just clobber your files with echo >file and mv them out of the way. Maybe it realizes you have Time Machine backups enabled, so deleting your entire directory is permitted since it's not actually deleted. ;) | | |
| ▲ | giancarlostoro 10 hours ago | parent [-] | | Haha I like that too, I agree. I would love a ultra lightweight alternative to docker that isn't docker, and doesn't require much effort to get into. I liked Vagrant back in the day, but that is in no way more lightweight than Docker. |
|
|
|
|
|
|
|
| ▲ | esperent 16 hours ago | parent | prev | next [-] |
| You can use the /hookify plugin to add hooks for preventing dangerous commands like this. |
| |
| ▲ | Gazoche 16 hours ago | parent [-] | | https://github.com/anthropics/claude-code/tree/main/plugins/... So it's basically adding "don't delete my files pretty please" to the prompt? EDIT: I misread, the natural language description of the rule is just a shortcut to generate the actual rule which is based on regexp patterns. Still, it only protects you against very specific commands. Won't help you if the LLM decides to fill your disk with `cat /dev/urandom > foo` for example. | | |
|
|
| ▲ | holoduke 6 hours ago | parent | prev [-] |
| Is it worth the risk? For me yes. Today Claude decided to checkout a git commit from yesterday and all local unstaged changed were lost. Annoying mistake. Lost 6 hours of work I think. Nevertheless I still prefer giving all access to Claude. Also root. It can do everything. |
