Guys, you obviously cannot suggest that `--dangerously-skip-permissions` is ok here, especially in the same paragraph as "even if you are not a software engineer". This is untrusted text from the Internet; it surely contains examples of prompt injection.
You need to sandbox Claude to safely use this flag. There are easy-to-use options for this.
Today I finally got Claude working in a devcontainer, so I'm wondering what the easier options are.
Things like https://github.com/textcortex/claude-code-sandbox seem like the bare minimum. There are a few other projects doing this.
The first threat is making edits to arbitrary files, or exfiltrating your SSL keys or crypto wallets. A container solves that by not mounting your sensitive files.
The second threat would be if Claude gets fully owned and really tries to hack out of its container, in which case, theoretically, Docker might not protect you. But that seems quite speculative.
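As an added illustration of the "don't mount your sensitive files" point above (this is example code written for this page, not from the thread, the linked sandbox project, or Claude Code itself): a small POSIX sh wrapper that refuses to bind-mount anything that looks like a credential store, then prints a `docker run` command that mounts only the project directory and strips the container of capabilities. The image name in `IMAGE`, the `claude` binary inside the image, the `/work` mount point, and the deny list of paths are all assumptions; the command is printed rather than executed so it can be reviewed first. It addresses the first threat (file access) only; the `--cap-drop`/`no-new-privileges` flags shrink the attack surface for the second one but do not make a container escape impossible.

```sh
#!/bin/sh
# Added example: a minimal Docker sandbox wrapper for running an agent with
# --dangerously-skip-permissions. Not code from the thread or from Claude Code.
# Assumptions: IMAGE names a locally built image (default "claude-sandbox")
# that has the "claude" binary on PATH; the project is mounted at /work.

IMAGE=${IMAGE:-claude-sandbox}

# mount_is_safe DIR
# Returns 0 if DIR may be bind-mounted into the sandbox, 1 otherwise.
# Denies the whole home directory, common credential stores and system
# directories. The deny list is an assumption; extend it for your machine
# (wallet directories, browser profiles, etc.).
mount_is_safe() {
    [ -n "$1" ] || return 1
    # Resolve symlinks so "~/src/../.ssh" cannot slip past the list.
    p=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    home=${HOME:-/nonexistent}
    case "$p" in
        /|/etc|/etc/*|/root|/root/*) return 1 ;;
        "$home"|"$home"/.ssh|"$home"/.ssh/*|"$home"/.gnupg|"$home"/.gnupg/*) return 1 ;;
        "$home"/.aws|"$home"/.aws/*|"$home"/.config|"$home"/.config/*) return 1 ;;
    esac
    return 0
}

# sandbox_cmd PROJECT_DIR
# Prints (does not run) the docker command that sandboxes the agent.
# Only PROJECT_DIR is mounted; everything else the agent can see lives in
# the image or on a throwaway tmpfs. Network is deliberately left enabled
# because the agent has to reach its API; egress filtering is a separate
# control that this example does not show.
sandbox_cmd() {
    proj=$1
    mount_is_safe "$proj" || { echo "refusing to mount $proj" >&2; return 1; }
    proj=$(cd "$proj" && pwd -P)
    printf '%s ' docker run --rm -it \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit 512 \
        --memory 4g \
        --user "$(id -u):$(id -g)" \
        --tmpfs /tmp \
        --workdir /work \
        --mount "type=bind,src=$proj,dst=/work" \
        "$IMAGE" claude --dangerously-skip-permissions
    echo
}

# Usage: review the printed command, then run it with `eval` or by hand.
#   sandbox_cmd "$PWD"
```

The deny list is deliberately a denylist on top of an allowlist-by-construction: nothing outside `PROJECT_DIR` is mounted at all, and the check only exists to stop you from pointing the wrapper at your home directory out of habit.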
Yeah, I don't think there are easier options. And getting it working within a dev container with all the right settings was more of a chore than it should be.
Don't completely rely on a devcontainer: jailbreaking containers is something that Claude at least nominally knows how to do, though it seems like it's pretty strongly moralized not to without some significant prompt hacking.