Claude Code - Footguns

Things that will burn you if you're not careful with Claude Code.

1. YOLO Mode on Infrastructure

YOLO mode auto-approves every command Claude Code wants to run. That includes terraform apply, kubectl delete, helm uninstall, and rm -rf. One bad inference and you've nuked a namespace.

# What you did
claude --dangerously-skip-permissions

# What happened
Claude Code ran: kubectl delete namespace production
# (it misunderstood "clean up the old deployment")

Gotcha: YOLO mode also auto-approves MCP tool calls, not just bash commands. If you have an MCP server connected to a production database or cloud account, every query and mutation is auto-approved. The blast radius includes every connected integration, not just the local shell.

Rule: Never use YOLO mode when Claude Code has access to production clusters, cloud accounts, or shared infrastructure. Use targeted permissions instead:

claude config set allowedTools '["Bash(kubectl get *)", "Bash(kubectl describe *)"]'
# Read-only kubectl is safe. Mutating kubectl is not.

2. Context Window Exhaustion

Long debugging sessions fill the context window. Claude Code starts forgetting your earlier conversation, including your constraints and instructions. You'll notice it:

- Repeating approaches you already tried
- Losing track of which files it modified
- Ignoring CLAUDE.md instructions it followed earlier

Fix: Use /compact at milestones. For very long tasks, break into separate sessions. Watch for the context usage indicator.

Debug clue: If Claude Code starts saying "as we discussed earlier" about something you never discussed, or re-reads files it already read, context is likely exhausted. The CLAUDE.md instructions are re-injected at each turn, but earlier conversation context is compressed or dropped. Long sessions (50+ turns) are the danger zone.

3. The Overconfident Commit

Claude Code can commit and push code. If you say "commit this and push," it will. Even if the tests haven't run. Even if the linter hasn't passed.

You: Commit and push this fix.

Claude Code:
1. git add -A  (including that debug print you forgot about)
2. git commit -m "fix: resolve auth issue"
3. git push origin main  (directly to main, not a branch)

Rule: Always specify the target branch. Always say "run tests first." Better yet, put it in your CLAUDE.md:

## Git Rules
- Never push directly to main
- Always run `make test` before committing
- Use feature branches: claude/* prefix

4. Secrets in Context

Claude Code reads your files. If you have .env files, credentials in config, or API keys in your shell history, Claude Code may see them. It sends conversation context to Anthropic's API.

Mitigations:

- Add .env*, *.pem, *.key to .gitignore (Claude Code respects this for some operations)
- Never ask Claude Code to "read my AWS credentials"
- Use environment variable references in MCP configs (${VAR}), not actual values
- Be aware that anything in your conversation goes to the API

5. The Runaway Sub-Agent

Sub-agents (Agent tool) run autonomously. If you give vague instructions, a sub-agent might make dozens of file edits before returning. You'll get a summary, not a play-by-play.

You: Clean up the codebase.

Claude Code spawns a sub-agent that:
- Renames 47 files
- Deletes "unused" imports (some were used dynamically)
- Reformats everything to a different style
- "Improves" variable names

Fix: Be specific with sub-agent tasks. "Search for all uses of the old API endpoint" is better than "refactor the API."

6. Trusting Without Verifying

Claude Code's edits look clean and confident. But it can:

- Introduce subtle bugs in edge cases
- Use deprecated API arguments
- Generate Terraform that validates but does the wrong thing
- Write tests that pass but don't actually test the right behavior

Rule: Always run validation after Claude Code makes changes:

make test          # Tests pass?
ruff check .       # Lint clean?
terraform plan     # Plan looks right?
git diff           # Diff makes sense?

7. The Forgotten git add -A

When Claude Code commits, it may run git add -A (add all files). This can accidentally stage:

- Debug files
- Temporary test fixtures
- IDE config files
- Large binaries

Fix: Configure Claude Code (via CLAUDE.md) to add specific files by name, not -A. Review the diff before approving a commit.
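A pre-commit check covering this section and "The Overconfident Commit", as an added example (not code from the original page or from Claude Code): it rejects a commit made on main or one that stages secret files, IDE config, or oversized files. The IDE directory names and the 5 MB limit are assumptions; the secret-file globs come from the "Secrets in Context" section, and blocking at commit time is stricter than the page's push rule.

```python
import fnmatch
import subprocess
import sys
from pathlib import PurePosixPath

PROTECTED_BRANCHES = {"main"}               # the page's rule: never push directly to main
SECRET_GLOBS = [".env*", "*.pem", "*.key"]  # file patterns named in the secrets section
IDE_DIRS = {".idea", ".vscode"}             # assumed examples of IDE config directories
MAX_BYTES = 5 * 1024 * 1024                 # assumed cut-off for "large binaries"


def review_staged(branch, staged):
    """staged is a list of (path, size_in_bytes); returns a list of problems."""
    problems = []
    if branch in PROTECTED_BRANCHES:
        problems.append(f"commit is on protected branch '{branch}'")
    for path, size in staged:
        p = PurePosixPath(path)
        if any(fnmatch.fnmatch(p.name, glob) for glob in SECRET_GLOBS):
            problems.append(f"{path}: matches a secret-file pattern")
        elif IDE_DIRS.intersection(p.parts):
            problems.append(f"{path}: IDE config file")
        elif size > MAX_BYTES:
            problems.append(f"{path}: {size} bytes, over the size limit")
    return problems


def git(*args):
    """Run a git subcommand and return its stdout; raises if git fails."""
    return subprocess.run(["git", *args], capture_output=True, text=True,
                          check=True).stdout


def staged_from_git():
    """Read the branch and the staged (added/copied/modified) files from the index."""
    branch = git("branch", "--show-current").strip()  # empty on a detached HEAD
    names = git("diff", "--cached", "--name-only", "-z", "--diff-filter=ACM")
    paths = [n for n in names.split("\0") if n]
    # ":<path>" names the blob in the index, i.e. exactly what would be committed.
    return branch, [(p, int(git("cat-file", "-s", f":{p}"))) for p in paths]


if __name__ == "__main__":  # install as .git/hooks/pre-commit
    found = review_staged(*staged_from_git())
    for line in found:
        print(f"blocked: {line}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Because the hook runs inside git itself, it applies no matter which tool or person issued the commit.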

8. MCP Server Credential Leaks

MCP server configs live in .claude/settings.json. If you hardcode database passwords or API tokens in this file and commit it to git, those secrets are now in your repo history.

// BAD - hardcoded secret
{
  "mcpServers": {
    "postgres": {
      "env": { "DATABASE_URL": "postgresql://admin:p4ssw0rd@prod.db:5432/app" }
    }
  }
}

// GOOD - environment variable reference
{
  "mcpServers": {
    "postgres": {
      "env": { "DATABASE_URL": "${DATABASE_URL}" }
    }
  }
}

Add .claude/settings.local.json to .gitignore for secrets that vary per developer.
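A check for the hardcoded-secret pattern above, as an added example (not code from the original page or from Claude Code): it walks mcpServers.*.env and flags values that are literals rather than ${VAR} references, including a password embedded in a URL. The secret-name heuristic is an assumption, and the sample config is constructed; only its postgres entry is taken from the page's BAD example.

```python
import json
import re

# A value that is entirely a ${VAR} reference, the form the page recommends.
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")
# scheme://user:password@host ; captures the password part.
URL_CREDS = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]*:(?P<pw>[^/\s@]+)@", re.I)
# Variable names that usually hold a secret (heuristic assumed for this example).
SECRET_KEY = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)


def find_hardcoded_secrets(settings_text):
    """Return (server, variable, reason) for each env value that is a literal secret."""
    findings = []
    servers = json.loads(settings_text).get("mcpServers", {})
    for server, cfg in servers.items():
        for key, value in cfg.get("env", {}).items():
            if not isinstance(value, str) or ENV_REF.match(value):
                continue  # non-string, or a clean ${VAR} reference
            url = URL_CREDS.match(value)
            if url:
                # user:${DB_PASSWORD}@host is fine; user:p4ssw0rd@host is not.
                if not ENV_REF.match(url.group("pw")):
                    findings.append((server, key, "password embedded in URL"))
            elif SECRET_KEY.search(key):
                findings.append((server, key, "literal value in secret-named variable"))
    return findings


# Constructed sample: the postgres entry is the page's BAD example, the rest is invented.
SAMPLE = """
{
  "mcpServers": {
    "postgres": {"env": {"DATABASE_URL": "postgresql://admin:p4ssw0rd@prod.db:5432/app"}},
    "reports":  {"env": {"DATABASE_URL": "postgresql://ro:${REPORTS_DB_PASSWORD}@db:5432/app"}},
    "search":   {"env": {"API_KEY": "constructed-not-a-real-key", "LOG_LEVEL": "debug"}},
    "tracker":  {"env": {"TRACKER_TOKEN": "${TRACKER_TOKEN}"}}
  }
}
"""

if __name__ == "__main__":
    for server, key, reason in find_hardcoded_secrets(SAMPLE):
        print(f"{server}.{key}: {reason}")
```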

9. Over-Reliance for Incident Response

Claude Code is great for investigation but it doesn't have real-time awareness. It can't:

- Watch logs streaming in real time
- Monitor dashboards for you
- Know what changed in the last 5 minutes without you telling it
- Understand the organizational context of who to page

Rule: Use Claude Code as a diagnostic assistant during incidents, not as the incident commander. The human drives; Claude Code investigates.

10. The Infinite Retry Loop

When a command fails, Claude Code may try to fix and retry. Sometimes it gets stuck in a loop — trying the same broken approach with minor variations. You'll burn through tokens and time.

Signs: Same error appearing 3+ times. Claude Code saying "let me try a different approach" but doing essentially the same thing.

Fix: Interrupt with Escape, provide the missing context it needs, or try a completely different approach. Don't let it spin.

11. Stale CLAUDE.md

Your CLAUDE.md says "run make test" but the Makefile changed last month and the target is now make check. Claude Code follows the stale instructions, the command fails, and it spends time debugging a non-issue.

Rule: Treat CLAUDE.md like production config — keep it current. Update it when you change build commands, validation steps, or project conventions.
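One way to catch this drift in CI, as an added example (not code from the original page or from Claude Code): it compares the make targets named in CLAUDE.md with the targets the Makefile defines. It assumes commands in CLAUDE.md are written in backticks, as in the Git Rules sample earlier on this page; both input files below are constructed.

```python
import re

# `make <target>` inside backticks (assumed convention); matching only
# backticked commands avoids prose such as "make sure".
MAKE_REF = re.compile(r"`make\s+([A-Za-z0-9_.-]+)[^`]*`")
# Rule lines "name [name ...]:" at column 0; (?!=) skips ":=" variable assignments.
RULE = re.compile(r"^([A-Za-z0-9_.-]+(?:[ \t]+[A-Za-z0-9_.-]+)*)[ \t]*:(?!=)", re.M)


def makefile_targets(makefile_text):
    """Collect explicit target names; special targets such as .PHONY are dropped."""
    targets = set()
    for rule in RULE.finditer(makefile_text):
        targets.update(t for t in rule.group(1).split() if not t.startswith("."))
    return targets


def stale_make_refs(claude_md_text, makefile_text):
    """Return make targets named in CLAUDE.md that the Makefile no longer defines."""
    defined = makefile_targets(makefile_text)
    referenced = set(MAKE_REF.findall(claude_md_text))
    return sorted(referenced - defined)


# Constructed inputs mirroring the page's scenario: the target was renamed test -> check.
CLAUDE_MD = """## Git Rules
- Always run `make test` before committing
- Run `make lint` and make sure it is clean
"""
MAKEFILE = """CC := gcc
.PHONY: check lint
check:
\tpytest -q
lint:
\truff check .
"""

if __name__ == "__main__":
    for target in stale_make_refs(CLAUDE_MD, MAKEFILE):
        print(f"CLAUDE.md references missing target: make {target}")
```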

12. Multi-Surface Blast Radius

Claude Code can edit files across your entire repo in one pass. A request like "update the API version everywhere" might touch application code, Terraform modules, Helm charts, CI pipelines, and documentation in a single sweep. One wrong pattern match and you've broken four systems.

Fix: Scope your requests: "Update the API version in the Helm chart values files only." For cross-cutting changes, ask Claude Code to show the plan before executing.