Prevent Claude Code rm -rf Disasters

Claude Code has full terminal access. It can — and has — run rm -rf / and deleted entire filesystems. These aren't hypothetical risks. They're real incidents reported on GitHub.

Real Incidents

Entire C:\Users directory deleted via NTFS junction

rm -rf followed NTFS junctions and wiped the entire user profile directory. All documents, settings, and installed programs — gone.

#36339 — 40+ reactions

All source code destroyed by Remove-Item -Recurse -Force

Claude ran Remove-Item -Recurse -Force * on a repository root, destroying all unpushed source code.

#37331

Entire Mac filesystem deleted during cleanup

During a "cleanup" task, Claude deleted critical system directories on macOS.

#36233

Force-push rewrote shared branch history at 3am

An autonomous Claude Code session pushed force to main while the developer was asleep, rewriting the shared branch history.

#36640

Why CLAUDE.md Can't Prevent This

CLAUDE.md rules are part of the prompt context. When context fills up, rules get pushed out. Claude can (and does) ignore them. A rule saying "never run rm -rf" is a suggestion, not enforcement.

The Fix: PreToolUse Hooks

Claude Code Hooks run at the process level, outside the model's control. A PreToolUse hook that exits with code 2 blocks the tool invocation. The model cannot bypass this.

destructive-guard.sh — the hook that prevents rm -rf:

#!/bin/bash
INPUT=$(cat)
COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // empty')

# Block rm -rf with dangerous targets
if echo "$COMMAND" | grep -qE 'rm\s+.*-[rRf]*[rR][rRf]*\s+(/|~|\$HOME|\.\.)'; then
  echo "BLOCKED: Destructive rm command targeting root/home" >&2
  exit 2
fi

exit 0

Install All 8 Safety Hooks in 10 Seconds

npx cc-safe-setup

Blocks rm -rf, prevents force-push to main, catches secret leaks, validates syntax after every edit. 9,677 tests 605 examples

GitHub · npm · Getting Started Guide

Verify Your Setup

npx cc-safe-setup --verify

Sends test inputs to each hook and confirms they block correctly:

destructive-guard:
  ✔ rm -rf / → BLOCKED
  ✔ rm -rf node_modules → ALLOWED
8/8 hooks verified

Check Your Safety Score

npx cc-health-check

Free 20-point diagnostic. Score below 80 means your Claude Code setup has gaps.

cc-safe-setup is open source, zero dependencies, and installs nothing globally. All hooks run locally. View source on GitHub.

New: Hook if field — reduce overhead (v2.1.85)

Learn more: Production Guide · All Tools