upvote

points

by esperent18 hours ago |
comments
upvoteby Diti16 hours ago|
next
[-]
I added something similar. Claude eventually ran a `rm -rf *´ on my own project. When I asked why it did that, it recognized it messed up and offered a very bad “apology”: “the irony of not following your safety instructions isn’t lost on me”.

Nowadays I only run Claude in Plan mode, so it doesn’t ask me for permissions any more.

reply
upvoteby lxgr11 hours ago|
prev|
[-]
It works well so far, for you.

Are you confident it would still work against sophisticated prompt injection attacks that override your "strongly worded message"?

Strongly worded signs can be great for safety (actual mechanisms preventing undesirable actions from being taken are still much better), but are essentially meaningless for security.

reply
upvoteby unshavedyak6 hours ago|
parent|
next
[-]
Not sure about OPs impl, but the wording doesn’t matter. The hook prevents the use of whatever action you want. Eg it’s impossible for Claude to use Emojis for me. My hook doesn’t allow it.

So it’s deterministic based upon however the script it written

reply
upvoteby esperent10 hours ago|
parent|
prev|
[-]
I mean, that's like saying are you sure that your antivirus would prevent every possible virus? Are you sure that you haven't made some mistake in your dev box setup that would allow a hacker to compromise it? What if a thief broke i to your house and stole your laptop? That's happened to me before, much more annoying to recover from that an accidental rm rf.

I do my best to keep off site back ups and don't worry about what I can't control.

reply
upvoteby lxgr10 hours ago|
parent|
[-]
> I mean, that's like saying are you sure that your antivirus would prevent every possible virus?

Yes, I'm saying it's pretty much as bad as antivirus software.

> Are you sure that you haven't made some mistake in your dev box setup that would allow a hacker to compromise it?

Different category of error: Heuristically derived deterministic protection vs. protection based on a stochastic process.

> much more annoying to recover from that an accidental rm rf.

My point is that it's a different category, not that one is on average worse than the other. You don't want your security to just stand against the median attacker.

reply