[DOCS] Docs imply strict sandbox isolation but default config allows escape hatch (`allowUnsandboxedCommands: true`)

Resolved 💬 3 comments Opened Jan 22, 2026 by coygeek Closed Feb 28, 2026

Documentation Type

Missing documentation (feature not documented)

Documentation Location

Section/Topic

The "Security benefits" and "Configure sandboxing" sections in sandboxing.md, and the Sandbox settings table in settings.md.

Current Documentation

In docs/en/settings.md, the table entry for allowUnsandboxedCommands states:

allowUnsandboxedCommands | Allow commands to run outside the sandbox via the dangerouslyDisableSandbox parameter... Default: true

In docs/en/sandboxing.md, under "Security benefits", it claims:

"Sandboxing addresses these challenges by... 3. Maintaining security: Attempts to access resources outside the sandbox trigger immediate notifications"

And under "Configure sandboxing":

"Claude Code includes an intentional escape hatch mechanism that allows commands to run outside the sandbox when necessary... commands that use this parameter go through the normal Claude Code permissions flow."

What's Wrong or Missing?

The documentation presents Sandboxing as a feature that provides "OS-level enforcement" and "Network isolation." However, because allowUnsandboxedCommands defaults to true, the default configuration of the sandbox is significantly less secure than implied by the "Security benefits" section.

If a command fails inside the sandbox, Claude is prompted to retry it outside the sandbox using the dangerouslyDisableSandbox parameter. While this does require user approval, it creates a workflow where the "isolation" is easily bypassed. Users might enable /sandbox thinking they are fully protected from untrusted code, not realizing the "escape hatch" is active by default.

Suggested Improvement

A prominent warning should be added to the docs/en/sandboxing.md file, specifically in the "Security benefits" or "Overview" section. It should clarify that strict isolation requires configuration changes.

Suggested Text:

<Warning> Default Configuration Warning: By default, the allowUnsandboxedCommands setting is true. This means if a command fails due to sandbox restrictions, Claude Code may prompt you to run the command outside the sandbox. For strict isolation where commands are never allowed to escape the sandbox environment, you must explicitly set "allowUnsandboxedCommands": false in your settings. </Warning>

Impact

High - Prevents users from using a feature

Additional Context

This is a major documentation clarity issue because users often rely on sandboxing to run untrusted code. If they believe the sandbox is a hard boundary by default, they may inadvertently approve an unsandboxed command during a debugging session, compromising their system.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗