441 points longcat | 2 comments
snovymgodym No.45039484
Claude code is by all accounts a revolutionary tool for getting useful work done on a computer.

It's also:

- a NodeJS app

- installed by curling a shell script and piping it into bash

- an LLM that's given free reign to mess with the filesystem, run commands, etc.

So that's what, like 3 big glaring vectors of attack for your system right there?

I would never feel comfortable running it outside of some kind of sandbox, e.g. VM, container, dedicated dev box, etc.

replies(3): >>45039575 #>>45039684 #>>45039901 #
kasey_junk No.45039575
I definitely think running agents in sandboxes is the way to go.

That said Claude code does not have free reign to run commands out of the gate.

replies(2): >>45039736 #>>45043092 #
fwip No.45043092
Pet peeve - it's free rein, not free reign. It's a horse riding metaphor.
replies(1): >>45043328 #
1. 0cf8612b2e1e No.45043328
Bah, well I have been using that incorrectly my entire life. A monarchy/ruler metaphor seems just as logical.
replies(1): >>45043738 #
2. woollysammoth No.45043738
There's a term "eggcorns" for these logical misinterpretations - https://en.wikipedia.org/wiki/Eggcorn