FYI the sandbox feature is not fully baked and does not seem to be high priority.
For example, for the last 3 weeks using the sandbox on Linux will almost always litter your repo root with a bunch of write-protected trash files[0] - there are 2 PRs open to fix it, but Anthropic employees have so far entirely ignored both the issue and the PRs.
Very frustrating, since models sometimes accidentally commit those files, so you have to add a bunch of junk to your gitignore. And with Claude Code being closed source and distributed as a Bun standalone executable, it's difficult to patch the bug yourself.
Hmm, very good point indeed. So far it’s behaved, but I also admit I wasn’t crazy about the outputs it gave me. We’ll see, Anthropic should probably think about their reputation if these issues are common enough.
I would rather parenting be the responsibility of parents and I resent the selfish individuals who wilfully burden others with the various costs associated with their demands for safety from their own choices over taking responsibility for themselves. No impact to others is too great for those who insist anything they don’t wish to be exposed to is dealt with at the societal level.
If an at-risk child’s parent is unwilling to do what they believe is the right thing by their child then they have failed the child and need to get a grip - confiscate the device or change the wifi password or sleep with the router under your pillow if you have to; it’s really not that hard.
I have noticed an abundance of Claude config/skills/plugins/agents related repositories on GitHub which purport to contain some generic implementation of whatever is on offer but also contain malware inside a zip file.
They all make use of the GitHub topic feature to be found. The most recent commit will usually be a trivial update to README.md which is done simply to maintain visibility for anyone browsing topics by recently updated. The readme will typically instruct installation by downloading the zip file rather than cloning the repo.
I assume the payload steals Claude credentials or something similar. The sheer number of repos would suggest plenty of downloads which is quite disheartening.
It would take a GitHub engineer barely minutes to implement a policy which would eradicate these repos but they don’t seem to care. I have also been unable to use the search function on GitHub for over 6 months now, which is irrelevant to this discussion, but it seems paying customers cannot count on GitHub to do even the bare minimum by them.
Unfortunately Anthropic have completely lost my trust. It’s very unlikely that I will ever return to purchasing from a company that behaves in the manner in which they do.
This is extremely concerning. I was reading this thread thinking thank god this could only happen in the US.
My concern is around the sequence of events that needed to take place for this to happen to you. Also, as a former network operator, I want to know how laws like the data retention act, identify and disrupt, etc. play a role in these situations - i.e. who triggered what. I think I’ll review your comment history.
Sounds like you have handled it in about as healthy a manner as one could hope. I saw that as a compliment.