Show HN: Run Claude Code with –dangerously-skip-permissions in a Docker sandbox

[sayil]

Claude Code's --dangerously-skip-permissions flag lets agents run autonomously without interruption, but Anthropic warns you to only use it inside a sandboxed environment.

dangerously spins up an isolated Docker container, mounts your current project directory, and launches Claude Code inside it. This ensures file system changes are contained to your project.

One command to install, run it from any project folder: npm install -g dangerously dangerously

[jameschaearley]

Interesting idea. Does the Docker sandbox protect against anything beyond file system changes though? With --dangerously-skip-permissions the agent can still hit external APIs, databases, etc. from inside the container. Curious what the threat model is here.

[sayil]

That's a valid point. The primary protection is file system isolation. The agent can't touch anything outside your project directory, and it won't have destructive access to most external APIs unless you provide keys. The threat model is really about preventing unintended file system changes. Full network sandboxing isn't really viable since Claude Code needs internet access to function.