70 points kristianp | 3 comments
thebestmoshe ◴[] No.44611084[source]
I really like how easy it is to run using bunx, pnpx, npx, etc.

But does anyone have thoughts on the security aspect? Getting people used to just running code like this that has full access to the system is slightly concerning.

On the other hand it’s no different than installing npm packages.

replies(2): >>44611573 #>>44611623 #
1. ghuntley ◴[] No.44611623[source]
> anyone have thoughts on the security aspect

Yes, you need to run these agents in a sandboxed environment when running full AFK [1] yolo. That could be a Docker container or it could be a remote developer environment.

[1] https://ghuntley.com/ralph

replies(1): >>44611926 #
2. pjm331 ◴[] No.44611926[source]
They are talking about the fact that you can run this npm tool without installing it - not running code agents.
replies(1): >>44611953 #
3. ghuntley ◴[] No.44611953[source]
Ah, that's the least of their issues!