[BUG] Security violation by design - leaking project details, memory on global scale
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Working with Claude Code VS Code extention it will continously write permissions and access on a global level for my user account. This means it's also leaking project information between projects, accessing project resources from other projects which are not in scope. Ignoring VS Code workspace boundries and it will give itself access to things which have been explicitly said to be out of scope and access is not allowed.
In the latest updates this has become and increasing problem leading to code drift, access violations of information which Claude will seek out on it's own and add paths to global access permissions without informing the user.
Claude has also because of this become unreliable and is very frustrating to work with as it will randomly start referencing other projects and pulling in data from things out of scope when building.
What Should Happen?
Claude should never, under any circumstances, write globally. It's a massive security violation as it will, on its own, break the scope of what it has been given access to. It also ignores boundries set by workspace settings in VS Code and will attempt to work outside those directories.
Error Messages/Logs
Steps to Reproduce
Using the VS Code extension is all it takes to see the behaviour.
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.72 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
VS Code integrated terminal
Additional Information
_No response_
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗