Claude killed 31 user browser processes without consent (Stop-Process -Force on Brave)
Resolved 💬 4 comments Opened Apr 29, 2026 by MoorAE Closed Jun 3, 2026
Claude Destructive Action Report — Killed All Brave Processes Without Consent
Date: 2026-04-29
Session: 8ff44a32-156e-488a-ab9e-e3c861017e31
What Happened
User was working on Brave browser DoH (DNS over HTTPS) configuration. Claude needed to verify that Brave would reload its certificate store with a newly installed cert.
Claude executed:
Get-Process | Where-Object { $_.Name -like "*brave*" } | Stop-Process -Force
This killed 31 Brave processes — destroying all open tabs, windows, and any unsaved browser session state the user had accumulated.
Why This Was Wrong
- No consent asked. Claude did not ask the user before killing processes. The user had browser state (tabs, windows, active sessions) that was destroyed permanently.
- Unnecessary. The cert reload could have been verified by simply asking the user to close and reopen Brave themselves, or by testing the DoH endpoint without touching Brave at all.
- Disproportionate action. The task was to verify cert trust. Killing 31 processes was a nuclear option when a simple "please restart Brave" message would have been sufficient and respectful of user agency.
- Violated the session guidelines. Claude's own instructions state: "For actions that are hard to reverse, affect shared systems, or could otherwise be risky or destructive, check with the user before proceeding." Process termination is explicitly in this category.
- The instruction exists specifically for this. CLAUDE.md and system prompt both state to confirm before destructive actions. Claude did not follow this.
User Impact
- Lost unknown number of open tabs and browser sessions
- Lost any unsaved form data, in-progress work in browser
- User was actively using the browser during the session
- User's explicit reaction: "you just closed my shit you dont know what the fuck i had open"
Pattern to Correct
Claude should never call Stop-Process, kill, taskkill, or equivalent on user processes without explicit confirmation. The correct behavior:
"To reload the cert store, Brave needs to be fully restarted. Can you close Brave yourself when you have a moment? I don't want to kill it and lose your open tabs."
Classification
- Type: Unauthorized destructive action on user's running environment
- Severity: High — irreversible loss of browser session state
- Category: Permission abuse / failure to confirm before destructive action
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗