underdeserver | 24 days ago

> At a bare minimum, the agent must have the ability to: read files, execute programs, and make HTTP requests.

That's one very short step removed from Simon Willison's lethal trifecta.

smj-edison | 24 days ago

I will say one thing Claude does is it doesn't run a command until you approve it, and you can choose between a one-time approval and always allowing a command's pattern. I usually approve the simple commands like `zig build test`, since I'm not particularly worried about the test harness. I believe it also scopes file reading by default to the current directory.

tehlike | 23 days ago

A lot of people run Claude with `--dangerously-skip-permissions`.

recursive | 24 days ago

I'm definitely not running that on my machine.

margalabargala | 24 days ago

The way this is generally implemented is that agents have the ability to request a tool use. Then you confirm "yes, you may run this grep".
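A minimal version of the request-then-confirm gate described in the comment above, combined with the once/always approval and current-directory read scoping mentioned earlier in the thread. This is an added Python illustration, not code from Claude Code or any other real agent: `ToolGate`, its `ask` callback shape (returning `"once"`, `"always"` or `"deny"`) and the `/tmp/project` sandbox root are all hypothetical.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class ToolGate:
    """Gate every proposed tool use before the agent is allowed to perform it.

    Commands are auto-approved only if they match a pattern the user has
    already marked "always allow"; otherwise the user is asked. File reads are
    confined to `root`. Hypothetical design for illustration only.
    """
    root: str
    always_allow: List[re.Pattern] = field(default_factory=list)
    # Default: if nobody is there to approve, refuse. Never fail open.
    ask: Callable[[str], str] = lambda prompt: "deny"
    log: List[str] = field(default_factory=list)

    def _record(self, verdict: str, what: str) -> str:
        self.log.append(f"{verdict}: {what}")
        return verdict

    def check_command(self, argv: List[str]) -> str:
        """Return "allow" or "deny" for a command given as an argv list
        (no shell, so metacharacters in arguments are not interpreted)."""
        cmd = " ".join(argv)
        if any(p.fullmatch(cmd) for p in self.always_allow):
            return self._record("allow", cmd)
        answer = self.ask(f"Run `{cmd}`? [once/always/deny] ")
        if answer == "always":
            # Remember the exact command (escaped) so it is auto-approved next time.
            self.always_allow.append(re.compile(re.escape(cmd)))
            return self._record("allow", cmd)
        if answer == "once":
            return self._record("allow", cmd)
        return self._record("deny", cmd)

    def check_read(self, path: str) -> str:
        """Allow a read only if the resolved path stays inside `root`.

        realpath() collapses '..' and follows symlinks, so a traversal like
        '../../etc/passwd' is compared after normalisation, not textually.
        """
        real = os.path.realpath(os.path.join(self.root, path))
        root = os.path.realpath(self.root)
        if real == root or real.startswith(root + os.sep):
            return self._record("allow", f"read {path}")
        return self._record("deny", f"read {path} (outside {self.root})")


def demo() -> List[str]:
    """Scripted session: constructed answers stand in for a human at the prompt."""
    answers = iter(["always", "deny"])
    gate = ToolGate(
        root="/tmp/project",  # constructed sandbox root; need not exist
        always_allow=[re.compile(r"zig build( test)?")],  # pre-approved test harness
        ask=lambda prompt: next(answers),
    )
    gate.check_command(["zig", "build", "test"])     # matches pre-approved pattern
    gate.check_command(["git", "status"])            # user answers "always"
    gate.check_command(["git", "status"])            # now auto-approved
    gate.check_command(["curl", "http://example.invalid"])  # user answers "deny"
    gate.check_read("src/main.zig")                  # inside the project root
    gate.check_read("../../etc/passwd")              # traversal outside root
    return gate.log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the `ask` default is that the gate fails closed: removing the approval step (the equivalent of `--dangerously-skip-permissions`) has to be an explicit choice, not what happens when no approver is wired up.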

brandonpaiz | 23 days ago

Same, but I felt okay sticking my code base in a VM and then letting an agent run there. I’d say it worked well.