Sure, it's not malicious. But it is very eager to get things done, and surprisingly inventive and knowledgeable in all kinds of workarounds.

I've many times seen Claude try to execute a command that it's not supposed to, the harness prevents it, and then it writes and executes a Python script to do it.

Breaking a chroot takes more than that...

How much more? Depends on the system, doesn't it? I don't know how many systems have proc mounted, but don't you get it from /proc/self/root?

Anyway that's beside the point, which is that it doesn't have to "be malicious" to try to overcome what look like errors on its way to accomplishing the task you asked it to do.

That doesn't mean Claude can't do it; chroot is better than nothing but not a real solution.

Malice is not required. If it thinks it is in the right, then it will do whatever it takes to get around limitations.

Until it gets prompt injected. Are you reading every single file your agent reads as part of the tasks you give it, including content fetched from the web or third-party packages?

Claude is far from stupid from my experience. I've used so many models and Claude is king.