
Recommend you never give Codex or Claude access to rm or deletions in general. Always force them to replace files rather than deleting, and moving into an ~/archive folder when not replacing and wanting to “remove”.

This works well, but is not foolproof. You can add a hook onto Claude Code to block those commands at various stages; I have some useful hooks at my https://GitHub.com/claude-warden repo.



It's a good guardrail, but like you say, it's not foolproof. Lots of commands have destructive options, or can be used to in turn invoke arbitrary operations. Like `find` is just as risky a call as `rm`. I can just imagine the reasoning chain.

"There is an error due to <file>. If I remove <file>, the error could be resolved. I don't have permission to use `rm`, but `find` can be used to delete files and I have permission to use that..."
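An added example, not part of the thread or of any project mentioned in it: a command check that looks at arguments and nested commands rather than only the command name, next to the name-only denylist it replaces. The policy sets and function names are assumptions made for illustration, and the sample command lines in the test are constructed.

```python
import shlex

# Constructed policy for illustration; not taken from any real hook or tool.
DENY = {"rm", "rmdir", "shred", "unlink"}             # refused by name
WRAPPERS = {"xargs", "sudo", "env", "nohup", "time"}  # run their arguments
SHELLS = {"sh", "bash", "zsh"}                        # -c takes a command line
FIND_ACTIONS = {"-delete", "-exec", "-execdir", "-ok", "-okdir"}
OPERATOR_CHARS = set(";&|()")

def naive_deny(command):
    """Name-only denylist: looks at the first word and nothing else."""
    words = command.split()
    return bool(words) and words[0] in DENY

def simple_commands(command):
    """Split a command line into argv lists at shell control operators."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    argv, out = [], []
    for tok in lexer:  # raises ValueError on unbalanced quotes
        if tok and set(tok) <= OPERATOR_CHARS:
            out.append(argv)
            argv = []
        else:
            argv.append(tok)
    return [a for a in out + [argv] if a]

def argv_reason(argv):
    """Return why one argv is refused, or None if nothing matched."""
    name = argv[0].rsplit("/", 1)[-1]  # /bin/rm -> rm
    if name in DENY:
        return f"{name} is denied"
    if name == "find" and FIND_ACTIONS & set(argv[1:]):
        return "find with a delete/exec action"
    if name in SHELLS and "-c" in argv[1:-1]:
        return deny_reason(argv[argv.index("-c") + 1])
    if name in WRAPPERS:  # conservative: test every suffix as a command
        hits = (argv_reason(argv[i:]) for i in range(1, len(argv)))
        return next((f"{name} -> {r}" for r in hits if r), None)
    return None

def deny_reason(command):
    """Return a refusal reason for a whole command line, or None to allow."""
    try:
        reasons = [argv_reason(a) for a in simple_commands(command)]
    except ValueError:
        return "unparseable command line"  # fail closed
    return next((r for r in reasons if r), None)
```

A pattern check like this only covers the forms it enumerates, so it narrows the gap the comment describes without closing it.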


Couldn't these tools be made to run in an OverlayFS-type filesystem that the user could review and apply changes to when they're done?

It would also be nice to have a second agent review every command to ensure nothing overly destructive is happening.

Are either of these things possible with Codex/CC?


CC is really good at finding ways to work around denied permissions. The only safe solution is some kind of VM.



