Comment by kasey_junk
3 months ago
I definitely think running agents in sandboxes is the way to go.
That said Claude code does not have free reign to run commands out of the gate.
3 months ago
I definitely think running agents in sandboxes is the way to go.
That said Claude code does not have free reign to run commands out of the gate.
Pet peeve - it's free rein, not free reign. It's a horse riding metaphor.
Bah, well I have been using that incorrectly my entire life. A monarchy/ruler metaphor seems just as logical.
There's a term "eggcorns" for these logical misinterpretations - https://en.wikipedia.org/wiki/Eggcorn
Yes it does; you are thinking of agent tool calls. The software package itself runs as your uid and can do anything you can do (except on macOS where reading of certain directories is individually gated).
Claude Code is an agent. It will not call any tools or commands without your prior consent.
Edit: unless you pass it an override like --dangerously-skip-permissions, as this malware does. https://www.stepsecurity.io/blog/supply-chain-security-alert...
Ok, but that’s true of _any_ program you install so isn’t interesting.
I don’t think the current agent tool call permission model is _right_ but it exists, so saying by default it will freely run those calls is less true of agents than other programs you might run.
Not all programs misbehave in this way. Signal desktop lets you turn off this vulnerability, and of course iOS apps and normal macOS apps are not allowed to self-modify, as it breaks their signature.
https://github.com/signalapp/Signal-Desktop/issues/4578
https://github.com/syncthing/syncthing-macos/issues/122