dnw, last Monday at 12:47 AM

If you are on macOS it is not a bad idea to use sandbox-exec to wrap your claude or other coding agents around. All the agents already use sandbox-exec, however they can disable the sandbox. Agents execute a lot of untrusted code in the form of MCP, skills, plugins etc.

One can go crazy with it a bit, using zsh chpwd, so a sandbox is created upon entry into a project directory and disposed of upon exit. That way one doesn't have to _think_ about sandboxing something.
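
One way to wire that up, as an added example rather than the commenter's own setup: it assumes macOS sandbox-exec, zsh's chpwd hook, and a constructed marker file (.agent-sandbox) at the project root; the profile is a deny-by-default starting point that will need per-tool allows.

```shell
#!/usr/bin/env bash
# Added example, not from the HN comment. Assumes macOS sandbox-exec and zsh
# (which calls chpwd() after every cd). Marker name and paths are constructed.

SANDBOX_MARKER=".agent-sandbox"        # file that marks a project root
AGENT_BIN="${AGENT_BIN:-claude}"       # real agent binary to wrap

# Seatbelt profile for one project: deny by default, read-only system, writes
# confined to the project tree and the temp dir passed in via -D. A build that
# fails under the sandbox means a missing allow belongs here, not that the
# sandbox should be switched off.
agent_sandbox_profile() {
  cat <<'EOF'
(version 1)
(deny default)
(allow process-exec process-fork signal)
(allow sysctl-read mach-lookup)
(allow file-read*)
(allow file-write* (subpath (param "PROJECT")))
(allow file-write* (subpath (param "TMPDIR")))
(allow network-outbound)
EOF
}

# Command line that runs the agent under the profile, returned as a string so
# it can be inspected before being installed as a shell-function wrapper.
# `command` avoids the wrapper function calling itself recursively.
agent_wrapper_command() {
  project="$1"; profile="$2"
  printf 'sandbox-exec -D PROJECT=%s -D TMPDIR=%s -f %s command %s' \
    "$project" "${TMPDIR:-/tmp}" "$profile" "$AGENT_BIN"
}

# Teardown: drop the wrapper function and delete the profile file.
agent_sandbox_leave() {
  [ -n "$AGENT_SANDBOX_PROFILE" ] && rm -f "$AGENT_SANDBOX_PROFILE"
  unset -f "$AGENT_BIN" 2>/dev/null || true
  unset AGENT_SANDBOX_ROOT AGENT_SANDBOX_PROFILE
}

# zsh hook: create the sandbox wrapper on entering a marked project directory,
# dispose of it once the shell leaves that tree.
chpwd() {
  if [ -f "$PWD/$SANDBOX_MARKER" ] && [ "$PWD" != "$AGENT_SANDBOX_ROOT" ]; then
    agent_sandbox_leave
    AGENT_SANDBOX_ROOT="$PWD"
    AGENT_SANDBOX_PROFILE="$(mktemp "${TMPDIR:-/tmp}/agent-sandbox.XXXXXX")"
    agent_sandbox_profile > "$AGENT_SANDBOX_PROFILE"
    eval "$AGENT_BIN() { $(agent_wrapper_command "$AGENT_SANDBOX_ROOT" "$AGENT_SANDBOX_PROFILE") \"\$@\"; }"
  elif [ -n "$AGENT_SANDBOX_ROOT" ]; then
    case "$PWD/" in "$AGENT_SANDBOX_ROOT"/*) ;; *) agent_sandbox_leave ;; esac
  fi
}
```

Source this from .zshrc; inside a marked project, typing the agent's name runs it confined, and leaving the tree removes the wrapper.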


Replies

atombender, last Monday at 3:08 AM

Today, Claude Code said:

    • The build failed due to sandbox permission issues with Xcode's Deriveddata folder, not code errors. Let me retry with sandbox disabled.

...and proceeded to do what it wanted.

Is it really sandboxing if the LLM itself can turn it off?