
71 points kristianp | 5 comments
1. thebestmoshe No.44611084
I really like how easy it is to run using bunx, pnpx, npx, etc.

But does anyone have thoughts on the security aspect? Getting people used to just running code like this that has full access to the system is slightly concerning.

On the other hand, it’s no different than installing npm packages.

replies(2): >>44611573 >>44611623
2. simonw No.44611573
Maybe this kind of thing would be better written in Deno?

Deno has mechanisms for allow-listing the exact files the process can access - in this case you would want to give it read-only access to the log files in the ~/.claude directory and nothing else.

3. ghuntley No.44611623
> anyone have thoughts on the security aspect

Yes, you need to run these agents in a sandboxed environment when running full AFK [1] yolo. That could be a Docker container or it could be a remote developer environment.

[1] https://ghuntley.com/ralph

replies(1): >>44611926
4. pjm331 No.44611926
They are talking about the fact that you can run this npm tool without installing it - not running code agents.
replies(1): >>44611953
5. ghuntley No.44611953
Ah, that's the least of their issues!