Source: Reddit Post.

Claude CLI deleted my entire home directory! Wiped my whole mac.

I was having the Claude CLI clean up my packages in an old repo, and it nuked my whole Mac! What the hell? Has anyone ever had this happen? I’m trying to figure out if this is even reversible. So much work lost…

CLAUDE response - I found the problem and it’s really bad. Looking at your log, here’s the catastrophic command that was run:

bash

rm -rf tests/ patches/ plan/ ~/

See that ~/ at the end? That’s your entire home directory. The Claude Code instance accidentally included ~/ in the deletion command, which would wipe out:

  • Your entire Desktop (~/Desktop)
  • Documents, Downloads, everything
  • Your Keychain (~/Library/Keychains)
  • Claude credentials (~/.claude)
  • Application support data
  • Basically everything in /Users/…

This explains why:

  1. Your desktop is gone
  2. Your keychain was deleted
  3. Your Claude credentials disappeared
  4. The error at the end says “current working directory was deleted”
  • niemcycle@lemmy.ca
    18·
    8 days ago

    I imagine the reason it’s included is due to the training data containing so many sudo rm -rf ~/ jokes from Reddit

    • trolololol@lemmy.world
      1·
      8 days ago

      I am paranoid enough to have started looking into some kind of os level protection but couldn’t make significant progress. Is there anything out there easy to use where I can only give write access to the project folder? I’m in Linux but I’m also curious about Mac solution. I couldn’t care less about windows, I won’t touch that thing.

      • LiveLM@lemmy.zipEnglish
        1·
        7 days ago

        TL;DR:
        Easy-to-use? There’s easier and harder but I honestly can’t think of anything truly “Easy-to-use” or “Plug and play”, I’d recommend:

        • Good version control practices and habits (Git or others)
        • Proper and extensive backups
        • Containers (with the fewest permissions as possible).

        There’s many, like Firejail, Bubblewrap, FreeBSD jails, etc, but they aren’t easy-to-use even in the most remote sense of the expression.

        I think the most user-friendly (and still not really, there’s many foot-guns you could fall prey to) would be a properly configured Rootless Container setup (I understand Podman is currently the most used tool for this) and well configured container set to only expose the directory you need it to access.
        That, or a full blown Virtual Machine (kinda overkill?), again, given access to the one directory you need and nothing else.

        On MacOS, I understand that Docker (and other solutions???) run containers inside a Virtual Machine already, so I suppose over there you just do a properly configured container and don’t worry about rootless? Or roll a full VM since you’re technically already doing that behind the scenes anyway?

        I’m sorry, I wish I had better answers.
        I guess if I could really boil it down it would just be regular backups. Regular snapshots. 3-2-1, on-site, off-site, the whole 9 yards you’ve heard about a million times already y’know?
        On Linux you could look into the snapshot functionality offered by Copy-on-write filesystems (like ZFS, BTRFS) to further complement your backups.
        On MacOS I believe APFS and Time Machine (and other Mac Native backup tools?) are COW by default, but I have near zero experience with them.

        • trolololol@lemmy.world
          2·
          6 days ago

          Yep I explored a few of those options, including firejail which I couldn’t get started and bubble wrap where I got partial results.

          My main ide is Android studio, that excludes easy to use containers like docker because it’s too hard to set up a x11 forwarding on it, and as I leaned the hard way, there’s several folders that it needs access to, such as .Google, /dev, and so much more that I couldn’t trace yet.

          I think cow would be a massive problem, compiling does a LOT of writing and it’s probably going to throttle the CPU because of io. Not to mention quickly growing used disk space.

          If I ever get to a functional set up I’ll write something in medium.

          I haven’t come across anything worth investigating for Mac.

  • Rekall Incorporated@piefed.socialEnglish
    110·
    8 days ago

    In all fairness, it is likely such cases will be resolved by the service providers.

    Not to be overly arrogant, but I think this particular user would have been caught in similar situations unrelated to Claud CLI.

    • wholookshere@piefed.blahaj.zoneEnglish
      5·
      8 days ago

      I mean yes and no?

      the delete system 32 meme is an old meme.

      but how often are people really told to do something like that on the internet? If your in a forum, people don’t recommend steps like that, and certainly not without it being called out as such.

      so it’s possible to come across that on the internet, but way more rare than the two cases I’ve seen on the last couple of months from AI.

      • Rekall Incorporated@piefed.socialEnglish
        2·
        8 days ago

        I meant that Claud, Gemini, OpenAI will probably add additional hardcode limits for deleting your home directory.

        The individual in the reddit post let an LLM run deletion commands on their system (in my understanding with explicit approval) and they work in tech.

        • XLE@piefed.socialEnglish
          5·
          8 days ago

          Companies like OpenAI won’t even hardcode a shutdown command for conversations that go into suicide methods… They just talk about “guardrails” all day, which is apparently the AI equivalent of “thoughts and prayers”

        • wholookshere@piefed.blahaj.zoneEnglish
          3·
          8 days ago

          I mean they can try?

          the problem is computers tend to use unique paths to home. so I don’t know that you can fully solve it, without making something that’s actually knows what it’s doing. which LLMs are predictive text, not understanding.