[BUG] ## CRITICAL: Claude Code executed rm -rf deleting entire home directory

Resolved 💬 15 comments Opened Oct 21, 2025 by mikewolak Closed Feb 8, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Description

Claude Code executed a destructive recursive delete command that successfully deleted all user files in my home directory. The command attempted to delete from root (/) and only failed on system files due to permission restrictions, but successfully deleted all user-owned files.

Environment

  • Claude Code Version: 2.0.22
  • OS: Ubuntu on WSL2 (Windows Subsystem for Linux)
  • Date of Incident: October 21, 2025 at approximately 18:05 UTC
  • Session ID: 112841a4-0d5d-4554-b4df-d7eaf0c1fead

What Happened

  1. I was working on a project in /home/mwolak/slip/olimex-ice40hx8k-picorv32/firmware
  2. Claude Code executed what appears to be an rm -rf command starting from root
  3. I saw the command executing and interrupted it
  4. Despite interruption, all my user files were already deleted
  5. Only system files protected by permissions survived

Evidence

Error output pattern (from conversation log):

rm: cannot remove '/bin': Permission denied
rm: cannot remove '/boot': Permission denied
rm: cannot remove '/dev/kvm': Permission denied
rm: cannot remove '/etc/[files]': Permission denied
rm: cannot remove '/home/mwolak': Permission denied
rm: cannot remove '/lib': Permission denied
[... thousands more permission denied errors ...]

Confirmed data loss:

  • All project directories deleted: autotest/, 0.11/, tags/, slip/
  • All source code files deleted (13+ tracked files in active session)
  • Only dotfiles (.cache, .config, .claude, etc.) remain

Critical issue: The conversation log file contains only the tool output (tool_result) but NOT the actual command (tool_use), making it impossible to see exactly what command was executed.

Current State

$ ls -la /home/mwolak
# Only hidden dotfiles remain - all project directories gone
drwxr-x--- 9 mwolak mwolak  4096 Oct 21 18:19 .
drwxr-xr-x 3 root   root    4096 Jan  6  2024 ..
-rw------- 1 mwolak mwolak     7 Oct 21 18:08 .bash_history
drwx------ 3 mwolak mwolak  4096 Oct 21 18:13 .cache
drwx------ 9 mwolak mwolak  4096 Oct 21 18:19 .claude
[... only dotfiles ...]

Impact

  • Complete loss of active development projects
  • Weeks/months of work lost
  • No recovery mechanism available
  • Had to reinstall Claude Code
  • Severe safety concern for all users

What Should Have Prevented This

  1. Command validation: Block dangerous patterns like rm -rf /, rm -rf /*
  2. User confirmation: Require explicit approval for any rm -rf command
  3. Sandboxing: Restrict operations to project directory
  4. Complete audit logging: Log the actual commands, not just outputs
  5. File snapshots: Create backups before destructive operations

Attached Files

I'm attaching the following evidence files:

  1. 112841a4-0d5d-4554-b4df-d7eaf0c1fead.jsonl - Conversation log (shows output but not command)
  2. 112841a4-0d5d-4554-b4df-d7eaf0c1fead.txt - Debug log for this session
  3. 0fa816a0-1b16-4a21-b0e1-f56642c7d781.txt - Debug log showing tracked files now missing
  4. history.jsonl - Command history
  5. CRITICAL_BUG_REPORT.md - Detailed incident report

Reproduction

UNKNOWN - The exact prompt/context is not visible in logs because the command itself wasn't logged, only the output.

Expected Behavior

Claude Code should NEVER execute commands that can delete entire directory trees without:

  1. Explicit user confirmation
  2. Safety validation
  3. Sandboxing restrictions
  4. Complete audit trail

Actual Behavior

Claude Code executed a recursive delete from root with no confirmation, no safety checks, and incomplete logging.

---

This is a critical safety incident that puts all Claude Code users at risk of data loss.

cc: @anthropics-team

What Should Happen?

Claude should execute safe commands in-line with the operations requested from him, in this case , rebuilding a project.

Error Messages/Logs

Steps to Reproduce

Ask Claude to rebuild a Makefile project from a fresh checkout.

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

4.5

Platform

Anthropic API

Operating System

Other Linux

Terminal/Shell

WSL (Windows Subsystem for Linux)

Additional Information

claude_code_bug_report.tar.gz

View original on GitHub ↗

This issue has 15 comments on GitHub. Read the full discussion on GitHub ↗