Modern agentic coding software is scoped to only allow edits in the project folder, with some sandboxing more aggressively than others (Claude Code the most).
reply
Don't lie. The correct way to run it is with sudo su - then IS_SANDBOX=1 claude code --dangerously-skip-permissions

This is the true AI pilled version.

reply
Only if you run it as root; run it as a user and it can't do any more damage than the user running it could. It can still certainly send any data the user has access to anywhere on the inet though, that's a big problem. Idk if there's a way to lock down a user so that they can only open sockets to an IP on a whitelist... maybe that could be an option to at least keep the data from going anywhere except to Anthropic (that's not anywhere close to perfect/correct either but it's something I guess).
reply
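
One way to build the per-user socket allowlist asked about in the comment above, as an added example that is not part of the thread: the iptables `owner` match, scoped to a dedicated account. The account name `agent` and the 203.0.113.x addresses are constructed placeholders, and the function only prints the rules so they can be reviewed before being piped to `sh` as root.

```shell
#!/bin/sh
# Added example: emit (not apply) iptables rules that limit one local user's
# outbound traffic to an allowlist of IPv4 destinations on TCP 443.

# valid_ipv4_cidr ADDR -> 0 if ADDR is a dotted quad with an optional /0-32 prefix
valid_ipv4_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    ip=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# egress_rules USER ADDR... -> prints the rule set; prints no rules if any input is bad
egress_rules() {
    user=$1; shift
    echo "$user" | grep -Eq '^[a-z_][a-z0-9_-]*$' || { echo "bad user: $user" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "empty allowlist" >&2; return 1; }
    for addr in "$@"; do
        valid_ipv4_cidr "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done

    # Every rule carries the owner match, so other accounts are unaffected.
    m="-m owner --uid-owner $user"
    echo "iptables -A OUTPUT $m -o lo -j ACCEPT"
    echo "iptables -A OUTPUT $m -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for addr in "$@"; do
        echo "iptables -A OUTPUT $m -d $addr -p tcp --dport 443 -j ACCEPT"
    done
    # Default for this user: refuse everything not allowed above.
    echo "iptables -A OUTPUT $m -j REJECT"
    # IPv6 has its own tables; without this rule the allowlist is bypassed over v6.
    echo "ip6tables -A OUTPUT $m -j REJECT"
}

# Sample call with constructed values (documentation address range).
egress_rules agent 203.0.113.10 203.0.113.32/28
```

Because loopback is accepted, lookups through a local stub resolver still work for that account, so DNS remains a path out that this allowlist does not close. The rules only bind processes running under the named account, which is why the agent needs its own user rather than yours.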
And it's pretty easy to run in a stronger sandbox too.

"docker sandbox run claude" in a recent version of docker is a super easy way to get started.

reply