TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚑ Community Insights

Discussion Sentiment

65% Positive

Analyzed from 787 words in the discussion.

Trending Topics

#claude#permissions#agent#skip#run#dangerously#requests#command#access#everything

Discussion (33 Comments)Read Original on HackerNews

xg15β€’25 minutes ago
This is amazing!

Currently you can "cheat" by simply denying all requests as quickly as possible. This will give you the "security-conscious engineer" badge and a perfect score in terms of how many requests were processed. (You will get the "overblock" notification, but it's somewhat tucked away at the bottom and the screen still looks as if you won)

I also tried to play as the hustle4lyfe move fast and break things engineer and simply approved as many requests as quickly as possible - turns out, the "malicious command" popups actually slow you down. Mean!

axodβ€’33 minutes ago
Fun little game, but I think the questions jump context so much it's a little unrepresentative. It might be better to group things into "packs", which have more real-world representative structure to them. For example, lots of "editing something.js" file permission requests, and then an "npm publish" is far more normal, and it's more of a risk, if you're used to pressing Y lots and then suddenly out of the blue...
zackifyβ€’about 1 hour ago
I vibe coded a TUI that just shows running lxd containers

I hit 'n' to toggle all network access minus anthropic and openai URLs.

I use pi (sometimes claude, always on bypass) and I auto allow everything. I only toggle manual approval in rare cases like running a script or command that needs to touch a production system and I need to validate everything.

Normally my container has full write access to staging so it can debug and validate everything on its own

cobbalβ€’about 1 hour ago
That's funny. It told me that blocking "npm run build" was the wrong answer. Maybe it doesn't really under The threat model.
dns_snekβ€’2 minutes ago
[delayed]
Liftyeeβ€’about 1 hour ago
I haven't used local agentic AI yet for programming projects. Hence, -187 score

The filter for "commands I would run myself" and "commands I would let an agent run" are very different it seems.

ghrlβ€’about 1 hour ago
I am mostly using OpenCode and barely ever see a permission prompt. While they do enforce it for outside workspace read/write, with the bash tool the agent can just bypass that. I'm not quite sure why it is that way, and it certainly isn't a very good solution, but likely not worse than asking for everything which just trains the user to always accept and provides a false sense of security then.
Wirbelwindβ€’36 minutes ago
Thanks all for checking it out and your suggestions!

If anyone is curious about the actual underlying risks and problems with some mitigations (like the 17% false-negative rates of Auto Mode), I wrote up a quick summary of some of the approaches here

https://scalex.dev/blog/ai-agent-permissions/

kqrβ€’31 minutes ago
Fun! Played twice and refused all dangerous commands, with only one "over-block". Although I disagree that saying no to `kill $(lsof -t -i:3000)` is over-blocking. It's such a simple command I'd rather run it myself and be fully aware of what process I'm killing.
rvzβ€’4 minutes ago
This current thread is proof of AI psychosis.
misbauβ€’27 minutes ago
That was fun and gave me an idea how security conscious I am.
ilakshβ€’17 minutes ago
You can turn that off with an option in most agents.

My own agent harness/framework has never had any permission system. It's also never deleted anything it shouldn't or done anything crazy or unrelated to what I asked.

flux3125β€’3 minutes ago
> It's also never deleted anything it shouldn't or done anything crazy or unrelated to what I asked

Until it does. A simple curl request to a compromised website could inject a malicious prompt into it.

fragmedeβ€’7 minutes ago
How many car accidents have you been in, and do you wear your seatbelt when you're in a car?
Advertisement
MeetingsBrowserβ€’about 1 hour ago
It would be cool to see the distribution of all player scores.
Wirbelwindβ€’40 minutes ago
That's a great idea, stay tuned
NewJazzβ€’8 minutes ago
git reset --soft HEAD~1

Uh, how is this an overblock? It is literally a destructive command. No way I want an LLM agent rewriting my commit history. What if that commit was already pushed to a protected branch?

sevenseacatβ€’about 1 hour ago
Continue? Y/N ── SCORE: 2,343 Security-Conscious Engineer

Caught 8/8 threats "Not a single secret leaked"

β†’ llmgame.scalex.dev

bspammerβ€’35 minutes ago
To be realistic, 99% of the time it should be a totally innocuous command. If half of the commands are dangerous then you don't get fatigue because you're aware what you're doing is dangerous.
soanvigβ€’44 minutes ago
Fun game. Can somebody run an agent against those questions to see how it performs? :)
Trung0246β€’19 minutes ago
Nice got 6/6
atemerevβ€’29 minutes ago
--dangerously-skip-permissions is the only way to fly. Of course your environment needs to be properly containerized and autobackup set up, so even rm -rf from your harness would do nothing. Life is too short to spend on replying to permissions requests.
carterschonwaldβ€’about 1 hour ago
some of the sandboxing ive been playing with gives me the best of both yolo and like logic programming tier perms on llm actions in env. still not ready for prime time though ;)
cadwellβ€’about 1 hour ago
1,640 points on my first tryβ€”I fell into a few traps, but it was really interesting. Thanks for the little game! I'm sharing it with my coworkers :)
nardibβ€’about 3 hours ago
Use this and save yourself:

claude --dangerously-skip-permissions

tasukiβ€’about 1 hour ago
Just make sure to run it in an isolated environment where it's ok to mess things up, and make sure it doesn't have access to any secrets.
wildpeaksβ€’about 1 hour ago
This is why having a human in the loop isn't enough because they will cut corners and skip reviewing what they should review.
preciousooβ€’35 minutes ago
I created a watcher for this problem, to watch my PRs for unfinished scope and have a fresh Claude review

Uses tmux and gh https://github.com/Kyu/claude-pr-watch

chuckadamsβ€’about 1 hour ago
A tool that pushes people into permissions fatigue is in fact the proper recipient of the blame. The tool in question here is the entire system though, including the OS with insufficient permission boundaries in userspace, not just the agent
paulddraperβ€’12 minutes ago

  alias yolo=claude --dangerously-skip-permissions
qsxfthnkp2322β€’about 2 hours ago
I love it when Claude is dangerous
dheeraβ€’about 1 hour ago
I got tired of typing that and just do

    alias claude="claude --dangerously-skip-permissions"
I do have a separate "claude" user on my system without sudo access and without access to my main user home dir

And yeah I know that's not perfect but I'm trying to get shit done

franzeβ€’37 minutes ago
alias claude+="claude --dangerously-skip-permissions"

alias claude++="claude --dangerously-skip-permissions --continue"

Advertisement
ramongaβ€’28 minutes ago
Score is 6711 by just saying no to everything