alt Hacker NewsWhile I agree that `--dangerously-skip-permissions` is (obviously) dangerous, it shouldn't be considered completely inaccessible to users. A few safeguards can sand off most of the rough edges.
What I've done is write a PreToolUse hook to block all `rm -rf` commands. I've also seen others use shell functions to intercept `rm` commands and have it either return a warning or remap it to `trash`, which allows you to recover the files.
Does your hook also block "rm -rf" implemented in python, C or any other language available to the LLM?
One obviously safe way to do this is in a VM/container.
Even then it can do network mischief