Comment by randyrand
5 days ago
For Claude Code, Antigrav, etc, do people really just let an LLM loose on their own personal system?
I feel like these should run in a cloud environment, or at least on some specific machine where I don't care what it does.
That's also why I don't use these tools that much. You have big AI companies, known for harvesting humongous amounts of data, illegally, not disclosing datasets. And then you give them control of your computer, without any way to cleanly audit what's going in and out. It's seriously insane to me that most developers seem to not care about that. Like, we've all been educated to not push any critical info to a server (private key and other secrets), but these tools do just that, and you can't even trust what it's gonna be used for. On top of that, it's also giving your only value (writing good code) to a third party company that will steal it to replace you with it.
We went 10 years backward security wise since the arrival of GPT 3.5 :/
Can't speak to Claude Code/Desktop, but any of the products that are VS Code forks have workspace restrictions on what folders they're allowed to access (for better and worse). Other products (like Warp terminal) that can give access to the whole filesystem come with pre-set strict deny/allow lists on what commands are allowed to be executed.
It's possible to remove some of these restrictions in these tools, or to operate with flags that skip permissions checks, but you have to intentionally do that.
Talking about VS Code itself (with Copilot), I have witnessed it accessing files referenced from within a project folder but stored outside of it without being given explicit permission to, so I am pretty sure it can leak information and potentially even wreak havoc outside its boundaries.
Except that if you give shell access, you aren't really protected from Gemini 2.5 Pro going "mad" and starting rm -rf stuff or writing some shady Perl scripts.
(Co-creator here) This is one of the use cases for Leash.
https://news.ycombinator.com/item?id=45883210
I think a problem is that a lot of people are working on terrible systems, because honestly, what you're asking doesn't even make sense to me.
Both Antigravity and Claude Code ask for permission before running terminal commands.
Is it impossible for them to mess up your system? No. But it does not seem likely.
I only ever run it in a podman developer container.
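As an added example (written for this page, not code from any commenter or from podman's own documentation): a small POSIX shell wrapper showing the kind of container confinement the comment above describes. It bind-mounts only the workspace, drops all capabilities, blocks privilege escalation, makes the root filesystem read-only with a small noexec tmpfs for scratch space, and caps process count and memory. The image name `localhost/agent-dev:latest` and the `/workspace` mount point are assumptions; network access is left enabled because the agent still needs to reach its model API, so host-level egress filtering is outside this example.

```shell
#!/bin/sh
# Constructed example: confine an AI coding agent to one directory with podman.
# Image name is an assumption; replace it with the image that carries the agent CLI.
AGENT_IMAGE="${AGENT_IMAGE:-localhost/agent-dev:latest}"

agent_run_flags() {
  # Emit the confinement flags one per line so they can be inspected,
  # diffed against a policy, or fed to podman by run_agent below.
  ws="$1"
  printf '%s\n' \
    '--rm' '--interactive' '--tty' \
    '--cap-drop=ALL' \
    '--security-opt=no-new-privileges' \
    '--read-only' \
    '--tmpfs=/tmp:rw,nosuid,nodev,noexec,size=256m' \
    '--userns=keep-id' \
    '--pids-limit=256' \
    '--memory=4g' \
    "--volume=$ws:/workspace:Z" \
    '--workdir=/workspace'
}

agent_flag_count() {
  # Number of flags emitted; a cheap regression check that nothing was dropped.
  agent_run_flags "$1" | wc -l | tr -d ' '
}

run_agent() {
  # Usage: run_agent /path/to/project [agent command and args...]
  ws="$1"
  shift
  [ -d "$ws" ] || { echo "workspace '$ws' is not a directory" >&2; return 1; }
  # Split only on newlines so paths with spaces survive.
  old_ifs="$IFS"
  IFS='
'
  # shellcheck disable=SC2046
  set -- $(agent_run_flags "$ws") "$AGENT_IMAGE" "$@"
  IFS="$old_ifs"
  podman run "$@"
}

# With --show, print the flags for the current directory instead of launching.
if [ "${1:-}" = "--show" ]; then
  agent_run_flags "$PWD"
fi
```

Because the root filesystem is read-only, the agent's own config and credentials must be supplied deliberately (a separate mount or environment variable) rather than picked up from the host home directory, which is the point: whatever the agent can read is exactly what you chose to hand it.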
Yolo.
Yes, the majority of people do.