Claude is very good at figuring out how to work around limitations (which is probably one reason why it’s also good at finding security issues).
At work, the monorepo is enormous and files are loaded on-demand as needed. This isn’t uncommon with huge repos - Microsoft have VFS for Git (although I hear that’s deprecated now), Meta have EdenFS, and Google has some proprietary solution.
We have a hook that blocks find and grep because they can be extremely slow, and tells it to instead use some significantly faster MCP tools to search the codebase, powered by a search index with local changes overlaid.
GPT-5.5 has no problem with this. Claude Opus mostly does it, but sometimes it loves to find workarounds rather than following the instructions. Things like: Try alternative commands like egrep. Create a symlink to grep and run that to see if it bypasses the filtering. Run it with a different shell like zsh. Write a Python script that execs grep. Write a Python script to reimplement grep.
I’m trying Hermes Agent at home, but I have it in its own VM with restricted permissions.
Claude is in love with cli tools, it uses them for virtually everything these days in these long chains connected with && and |. This is probably pushing more and more people to let it run in the auto mode.
It makes sense… There’s a LOT of examples of using CLI tools in the training data. At work we’re moving away from MCP tools to instead using CLIs for everything.
Claude is very good at figuring out how to work around limitations (which is probably one reason why it’s also good at finding security issues).
At work, the monorepo is enormous and files are loaded on-demand as needed. This isn’t uncommon with huge repos - Microsoft have VFS for Git (although I hear that’s deprecated now), Meta have EdenFS, and Google has some proprietary solution.
We have a hook that blocks
findandgrepbecause they can be extremely slow, and tells it to instead use some significantly faster MCP tools to search the codebase, powered by a search index with local changes overlaid.GPT-5.5 has no problem with this. Claude Opus mostly does it, but sometimes it loves to find workarounds rather than following the instructions. Things like: Try alternative commands like egrep. Create a symlink to grep and run that to see if it bypasses the filtering. Run it with a different shell like
zsh. Write a Python script that execs grep. Write a Python script to reimplement grep.I’m trying Hermes Agent at home, but I have it in its own VM with restricted permissions.
Another thing Claude tried to do on my coworker’s machine yesterday was basically:
Giving Docker access to Claude is certainly a choice.
… especially if your user is in the docker group and doesn’t need sudo, LOL
Privilege escalation as a service
privilege elevator
Claude is in love with cli tools, it uses them for virtually everything these days in these long chains connected with
&&and|. This is probably pushing more and more people to let it run in the auto mode.It makes sense… There’s a LOT of examples of using CLI tools in the training data. At work we’re moving away from MCP tools to instead using CLIs for everything.
Just aliasing
greptoagsolves both issues. I’m unsure as to whether there’s a pthread replacement forfind, though.ag/rgdon’t work well in this particular scenario either. Because files are loaded on-demand, they end up trying to load the entire repo.