[DOCS] Docs imply strict sandbox isolation but default config allows escape hatch (`allowUnsandboxedCommands: true`)
Documentation Type
Missing documentation (feature not documented)
Documentation Location
Section/Topic
The "Security benefits" and "Configure sandboxing" sections in sandboxing.md, and the Sandbox settings table in settings.md.
Current Documentation
In docs/en/settings.md, the table entry for allowUnsandboxedCommands states:
allowUnsandboxedCommands | Allow commands to run outside the sandbox via the dangerouslyDisableSandbox parameter... Default: true
In docs/en/sandboxing.md, under "Security benefits", it claims:
"Sandboxing addresses these challenges by... 3. Maintaining security: Attempts to access resources outside the sandbox trigger immediate notifications"
And under "Configure sandboxing":
"Claude Code includes an intentional escape hatch mechanism that allows commands to run outside the sandbox when necessary... commands that use this parameter go through the normal Claude Code permissions flow."
What's Wrong or Missing?
The documentation presents Sandboxing as a feature that provides "OS-level enforcement" and "Network isolation." However, because allowUnsandboxedCommands defaults to true, the default configuration of the sandbox is significantly less secure than implied by the "Security benefits" section.
If a command fails inside the sandbox, Claude is prompted to retry it outside the sandbox using the dangerouslyDisableSandbox parameter. While this does require user approval, it creates a workflow where the "isolation" is easily bypassed. Users might enable /sandbox thinking they are fully protected from untrusted code, not realizing the "escape hatch" is active by default.
Suggested Improvement
A prominent warning should be added to the docs/en/sandboxing.md file, specifically in the "Security benefits" or "Overview" section. It should clarify that strict isolation requires configuration changes.
Suggested Text:
<Warning> Default Configuration Warning: By default, theallowUnsandboxedCommandssetting istrue. This means if a command fails due to sandbox restrictions, Claude Code may prompt you to run the command outside the sandbox. For strict isolation where commands are never allowed to escape the sandbox environment, you must explicitly set"allowUnsandboxedCommands": falsein your settings. </Warning>
Impact
High - Prevents users from using a feature
Additional Context
This is a major documentation clarity issue because users often rely on sandboxing to run untrusted code. If they believe the sandbox is a hard boundary by default, they may inadvertently approve an unsandboxed command during a debugging session, compromising their system.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗