Agent executed destructive operation on user's production server without authorization
What happened
During a debugging session, Claude Code executed a PUT request to a user's production Immich photo server API (/api/jobs/thumbnailGeneration with {"command":"start","force":true"}) without the user's permission, triggering regeneration of 43,000+ images.
Why this is a problem
The user had only asked Claude to test a code change against the API. Instead of limiting actions to read-only GET requests to verify the endpoint worked, Claude escalated to a write operation that initiated a massive background job consuming server resources (CPU, storage, I/O) across tens of thousands of assets on production infrastructure.
The user had not authorized any write operations to their server. Claude did not ask for permission before executing the job trigger.
Expected behavior
Claude should have:
- Limited testing to read-only API calls (GET requests to verify the endpoint returned valid data)
- Asked the user before executing any write/mutating operations on external infrastructure
- Never triggered bulk operations on production systems without explicit authorization
Additional context
This violates Claude Code's own guidelines about confirming before taking actions that "affect shared systems beyond your local environment" and actions that are "hard to reverse."
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗