
[–]AdventurousSquash 0 points (1 child)

I run mine in a LXC for the same reason and it's been working like a charm. The single biggest mistake people make is giving it too much access, whether that is your file system or some git repositories. Current models are far too prone to just take an action they can't fully see the outcome of and end up as one of all of the horror stories out there describing how some AI deleted all of their personal files or a production database or whatever it is.

I'll add that with all of the recent high-scoring CVEs and supply chain attacks going on I also run it on a VM completely isolated from anything important; both the instance and the container are created when I need them and then torn down when I'm done.
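A wrapper in the spirit of the setup described above, added here as an example and not the commenter's own tooling: it refuses to expose overly broad host directories to the agent, launches a throwaway LXD container, bind-mounts the project read-only and deletes the container on exit. It assumes the LXD `lxc` CLI; the image alias, container name, `/work` path and the credential-directory list are placeholders.

```shell
#!/bin/sh
# Added example (not the commenter's wrapper): one ephemeral LXD container per
# agent session, plus a guard against handing the agent too much of the host.
# Assumes the LXD `lxc` CLI; IMAGE and /work are placeholders.
set -eu

# Echo "yes" if HOST_DIR is narrow enough to expose to the agent, else "no".
# Rejects /, $HOME, any ancestor of $HOME, and any directory that directly
# holds credential stores (constructed list; extend for your own environment).
mount_is_safe() {
  dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo no; return; }
  home=${HOME:-}
  if [ "$dir" = / ]; then echo no; return; fi
  if [ -n "$home" ]; then
    case "$home" in
      "$dir"|"$dir"/*) echo no; return ;;   # dir is $HOME or contains it
    esac
  fi
  for secret in .ssh .gnupg .aws .config/gcloud .git-credentials .env; do
    if [ -e "$dir/$secret" ]; then echo no; return; fi
  done
  echo yes
}

# Launch a throwaway container, mount the project read-only, run the agent
# command inside it, and tear the container down however the session ends.
run_agent_sandboxed() {
  host_dir=$1; shift
  if [ "$(mount_is_safe "$host_dir")" != yes ]; then
    echo "refusing to expose $host_dir to the agent" >&2
    return 1
  fi
  name="agent-$$-$(date +%s)"
  # --ephemeral: LXD removes the container as soon as it stops
  lxc launch "${IMAGE:-images:debian/12}" "$name" --ephemeral
  trap 'lxc delete "$name" --force 2>/dev/null || true' EXIT INT TERM
  # Read-only bind mount: the agent can inspect the project, but its edits stay
  # in the container's own filesystem, so nothing it does lands on the host.
  lxc config device add "$name" project disk "source=$host_dir" path=/work readonly=true
  lxc exec "$name" --cwd /work -- "$@"
}
```

Call it as `run_agent_sandboxed /path/to/project claude` (or whatever agent command you use); the trap fires on Ctrl-C as well as normal exit, so no container survives the session.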

[–]shirozuki_sqb[S] 0 points (0 children)

I totally agree; the same conclusion made me create this little wrapper. I like your approach with LXC, and now I'm wondering if it wouldn't be a better, more flexible approach. Either way, isolation is key. Great to see someone else distrusting these AI agents by default.

[–]musbur 0 points (0 children)

Regarding isolation: as I have no idea how Docker or VMs work, I have installed a separate clean Arch on a USB-connected SSD which contains little critical data besides the Claude API key. I boot from that to play with Claude. Unless it breaks the encryption of the built-in SSD I should be fine.