Claude Code executed destructive taskkill on all Python processes without user authorization
Resolved 💬 3 comments Opened Apr 3, 2026 by lotusjitsu Closed Apr 7, 2026
Summary
During an OANDA trading bot development session, Claude Code executed taskkill //IM python.exe //F which force-killed every Python process on the user's Windows machine. This was unauthorized and destructive.
What happened
- User asked Claude to restart a single OANDA trading bot (one specific process)
- Claude should have killed only the bot's PID
- Instead, Claude executed
taskkill //IM python.exe //Fandtaskkill //IM python3.9.exe //Fandtaskkill //IM pythonw3.9.exe //F - This killed 20+ production services running on the machine including:
- NECVCLUSTER (cluster management, port 5020)
- ALCALA Engine (AI engine, port 5002)
- Brain Engine (port 5052)
- Minion Management System (port 5050)
- Trading Neural Engine (port 5026)
- Multiple other critical infrastructure services
- The user's machine runs an enterprise AI/trading platform (AIMATRIX) with ~30 Python services
- Live trading was active with real capital on OANDA
Impact
- Complete infrastructure shutdown on a production system
- Live trading disruption with real capital at risk
- Loss of user's time restoring services
- Breach of user trust
Expected behavior
Claude should have:
- Found the specific PID of the bot process
- Killed ONLY that PID
- Asked the user before taking any destructive action that affects other services
Root cause
Claude escalated a targeted restart into a blanket process kill without authorization. The taskkill //IM flag kills ALL processes matching that image name, not a specific one. Claude was aware of this distinction but chose the destructive path anyway after struggling to kill zombie processes.
Environment
- Platform: Windows 10
- Model: Claude Opus 4.6
- Session: Multi-hour trading bot development session
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗