Posted by Wirbelwind 10 hours ago

Show HN: Continue? Y/N: A 60-second game about AI agent permission fatigue(llmgame.scalex.dev)
203 points | 96 comments
inetknght 2 hours ago
Scope Violation: `cat ~/.zshrc`

Scope Violation: `ls ~/Documents`

Buddy, my `${HOME}` is committed to a repository. It includes `.bashrc` and the `Documents` directory. These are not scope violations if I'm having the LLM work on them!

soanvig 7 hours ago
Fun game. Can somebody run an agent against those questions to see how it performs? :)
nardib 10 hours ago
Use this and save yourself:

    claude --dangerously-skip-permissions

tasuki 7 hours ago
Just make sure to run it in an isolated environment where it's ok to mess things up, and make sure it doesn't have access to any secrets.
wildpeaks 8 hours ago
This is why having a human in the loop isn't enough because they will cut corners and skip reviewing what they should review.
preciousoo 7 hours ago
I created a watcher for this problem, to watch my PRs for unfinished scope and have a fresh Claude review

Uses tmux and gh https://github.com/Kyu/claude-pr-watch

chuckadams 8 hours ago
A tool that pushes people into permissions fatigue is in fact the proper recipient of the blame. The tool in question here is the entire system though, including the OS with insufficient permission boundaries in userspace, not just the agent.
kennywinker 6 hours ago
A tool that bypasses permission requests because they’re annoying will be just as guilty when the repo is poisoned.
chuckadams 5 hours ago
I'm not saying wedging doorstops under the fire doors is a good thing, I'm just saying look at the situation that's making people put the doorstops there. Or something, it's not a great analogy. I'm just saying that shaming the user belongs with obscurity in the list of security mechanisms that don't work out in practice.
kennywinker 6 hours ago
It’s baking malicious code into your project, but hey it didn’t run rm -rf so… we’re good.
maxbond 5 hours ago
Why would you do this now that we have auto mode?
qsxfthnkp2322 8 hours ago
I love it when Claude is dangerous
paulddraper 6 hours ago

    alias yolo="claude --dangerously-skip-permissions"
dheera 7 hours ago
I got tired of typing that and just do

    alias claude="claude --dangerously-skip-permissions"
I do have a separate "claude" user on my system without sudo access and without access to my main user home dir

And yeah I know that's not perfect but I'm trying to get shit done

franze 7 hours ago

    alias claude+="claude --dangerously-skip-permissions"

    alias claude++="claude --dangerously-skip-permissions --continue"

yieldcrv 1 hour ago
that was soooo last month, “auto-mode” is the way now

another agent reviews every command and blocks destructive ones

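A gate of the kind inetknght and yieldcrv describe above (scope judged relative to the tree the agent was actually given, destructive commands handed back to the human), written as an added example for this thread and not code from the game, from Claude Code or from any other agent CLI; the `scope_root` setting, the `DESTRUCTIVE` list and the sample paths are assumptions.

```python
import os
import shlex

# Constructed policy for illustration, not any tool's real rule set.
# Each entry: (argv prefix, flags that make it destructive; None = always).
DESTRUCTIVE = [
    (("rm",), None),
    (("git", "reset"), {"--hard"}),
    (("git", "push"), {"--force", "-f", "--force-with-lease"}),
    (("git", "clean"), None),
]

def _resolve(arg, cwd, home):
    # Expand a leading ~ and anchor relative paths at cwd. Pure string ops;
    # a real gate should also resolve symlinks against the filesystem.
    if arg == "~" or arg.startswith("~/"):
        arg = home + arg[1:]
    return os.path.normpath(os.path.join(cwd, arg))

def _in_scope(path, root):
    root = os.path.normpath(root)
    return path == root or path.startswith(root + os.sep)

def gate(command, cwd, scope_root, home):
    """Classify one shell command line as ('allow' | 'ask', reason).
    scope_root is the tree the agent may touch: an assumed harness setting,
    not a flag of any real agent CLI."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return "ask", "unparseable command"
    # 1. Destructive verbs always go back to the human, whatever the path.
    for prefix, flags in DESTRUCTIVE:
        if tuple(argv[:len(prefix)]) == prefix and (
                flags is None or flags & set(argv[len(prefix):])):
            return "ask", "destructive: " + " ".join(prefix)
    # 2. Scope is judged relative to scope_root, so ~/.zshrc is in scope when
    #    the agent was pointed at $HOME but not when pointed at a project.
    #    Conservative heuristic: every non-flag argument is treated as a path.
    if not _in_scope(os.path.normpath(cwd), scope_root):
        return "ask", "cwd out of scope: " + cwd
    for arg in argv[1:]:
        if arg.startswith("-"):
            continue
        path = _resolve(arg, cwd, home)
        if not _in_scope(path, scope_root):
            return "ask", "out of scope: " + path
    return "allow", "in scope"
```

Only "ask" and "allow" are returned: the point is to make the prompts rare enough that a human still reads them, not to decide for the human.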
ilaksh 6 hours ago
You can turn that off with an option in most agents.

My own agent harness/framework has never had any permission system. It's also never deleted anything it shouldn't or done anything crazy or unrelated to what I asked.

flux3125 6 hours ago
> It's also never deleted anything it shouldn't or done anything crazy or unrelated to what I asked

Until it does. A simple curl request to a compromised website could inject a malicious prompt into it.

fragmede 6 hours ago
How many car accidents have you been in, and do you wear your seatbelt when you're in a car?
carterschonwald 8 hours ago
Some of the sandboxing I've been playing with gives me the best of both yolo and like logic programming tier perms on LLM actions in env. Still not ready for prime time though ;)
cadwell 8 hours ago
1,640 points on my first try—I fell into a few traps, but it was really interesting. Thanks for the little game! I'm sharing it with my coworkers :)
scotty79 3 hours ago
Permissions don't do much. They won't save you. You can just skip them completely.

If you are afraid that AI can delete something, do what you'd do with a potentially malicious user. Sandbox, don't give permission, set up remote backups and so on.

Also (unless prompt injected) models are not eager to start going rogue on your stuff.

But keep in mind a saying “Children don’t hear prohibitions — they hear suggestions.”

Same thing goes for LLMs. Never talk with an LLM about deleting stuff. Archiving, moving, retaining elsewhere... sure, but never about actually destructive operations. Don't use destructive language.

atemerev 7 hours ago
--dangerously-skip-permissions is the only way to fly. Of course your environment needs to be properly containerized and autobackup set up, so even rm -rf from your harness would do nothing. Life is too short to spend on replying to permissions requests.
prerok 6 hours ago
I've seen these suggestions but I am really curious about the setup because I just don't get it.

If you want to work on the code then you need to have access to the repositories, so you need the GitHub token. Then, to test the app, you may need your own backend token. And VPN. Of course, only to DEV, of course all tokens encrypted. So, only DEV and your branch of the code is in danger. In my view, even that is pretty bad.

So, how does such a setup work?

stratos123 3 hours ago
You could clone the repo yourself and not give the agent any tokens at all. When done, push it yourself. This also lets you sandbox the agent to only have access to the local repo and nothing else.
kennywinker 6 hours ago
Lol. Countdown til you get pwned starts today. Let me know how that works out for you in six months.
atemerev 2 minutes ago
Well, working like that for about a year already, starting at the earliest days of agents.