I don't use claude and googled yolo mode out of curiosity. For others in the same boat:

https://www.anthropic.com/engineering/claude-code-best-pract...

I shudder to think of what my friends' AWS bill looks like letting Claude run aws-cli commands he doesn't understand
I run it from within a dev container. I never had issues with yolo mode before, but if it somehow decided to use the gcloud command (for instance) and affected the production stack, it’s my ass on the line.
If you give it auth information to talk to Google apis, that’s not really sandboxed.
Run it within a devcontainer and there is almost no attack profile and therefore no risk. With a little more work it could be fully sandboxed.
You still have to be pretty careful it doesn't have access to any API keys it could decide to exfiltrate...
How would it have access to API keys? You don’t put those in your git repo, do you?
If the code can call a method that provides the API key, what would stop the LLM from calling the same code? How do you propose to let an LLM run tests that execute code that requires an API without the LLM also being able to grab the key?
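The last comment asks how tests can exercise an API from inside the sandbox without the agent being able to read the credential. The usual answer is to keep the key out of the container entirely and have a forwarding proxy on the host inject it. The block below is an added illustration of that pattern, not code from the thread or from Claude Code, devcontainers, aws-cli or gcloud: the "upstream" API, the proxy, the key value and the `API_BASE_URL` variable are all constructed for the example. Both servers run on loopback, so it works offline.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed secret for the demo, not a real credential.
REAL_API_KEY = "sk-example-not-a-real-key"


class UpstreamHandler(BaseHTTPRequestHandler):
    """Stand-in for the real API: answers 200 only when the key is presented."""

    def do_GET(self):
        if self.headers.get("Authorization") == f"Bearer {REAL_API_KEY}":
            status, body = 200, b'{"ok": true}'
        else:
            status, body = 401, b'{"error": "unauthorized"}'
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *_):  # keep the demo quiet
        pass


def make_proxy_handler(upstream_url, api_key):
    """Proxy that lives OUTSIDE the sandbox. It holds the key and adds it to
    every forwarded request; any Authorization header the sandbox sends is
    discarded, so the container never needs (or sees) the credential."""

    class ProxyHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            req = Request(upstream_url + self.path,
                          headers={"Authorization": f"Bearer {api_key}"})
            try:
                with urlopen(req) as resp:
                    status, body = resp.status, resp.read()
            except HTTPError as e:
                status, body = e.code, e.read()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *_):
            pass

    return ProxyHandler


def start_server(handler):
    """Bind an ephemeral loopback port and serve in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def sandbox_env(proxy_url):
    """Everything the agent's container is given: a proxy address, no key."""
    return {"API_BASE_URL": proxy_url}


def call_api_from_sandbox(env, path="/v1/ping"):
    """The test code the agent runs. Returns (status, decoded JSON body)."""
    try:
        with urlopen(env["API_BASE_URL"] + path) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as e:
        return e.code, json.loads(e.read())


def secrets_readable_in_sandbox(env):
    """Anything in the sandbox environment is one `printenv` away from being
    exfiltrated. Returns the names of variables that carry the real key."""
    return [name for name, value in env.items() if REAL_API_KEY in value]


def demo():
    """Returns (status via proxy, status hitting upstream directly without a
    key, leaked variable names)."""
    upstream, upstream_url = start_server(UpstreamHandler)
    proxy, proxy_url = start_server(make_proxy_handler(upstream_url, REAL_API_KEY))
    try:
        env = sandbox_env(proxy_url)
        via_proxy, _ = call_api_from_sandbox(env)
        direct, _ = call_api_from_sandbox({"API_BASE_URL": upstream_url})
        return via_proxy, direct, secrets_readable_in_sandbox(env)
    finally:
        for srv in (upstream, proxy):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(demo())
```

The point the thread circles around is that a devcontainer isolates the filesystem, not the credentials you hand it: with the key in the container's environment, `secrets_readable_in_sandbox` finds it and so would any command the agent runs. With the proxy pattern, the tests still get a 200 from the API, a direct call without the key gets a 401, and the key is not in the container at all. In a real deployment the proxy should also enforce an allow-list of paths and methods and the container's egress should be restricted to the proxy, otherwise the agent can still spend money through the proxy, which is the AWS-bill scenario from earlier in the thread.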