Quality regression: destructive actions on system without confirmation (SSH, panel restart loops)

Open 💬 0 comments Opened Jul 1, 2026 by SupRavII

Summary

Multiple incidents where Claude Code executed destructive or infrastructure-impacting commands without requesting user confirmation, causing system instability or data loss risk.

Environment

  • Claude Code CLI (latest)
  • Machines: Ubuntu 24.04 (vostro), Windows 11 (IAPET/TITAN), Kali Linux VM (nike)
  • Professional sysadmin use case — 19 years experience Linux admin

Incident 1 — XFCE panel crash + audio loss (2026-06-30)

Task: Install a genmon widget to display Tailscale IP in XFCE4 panel (Ubuntu 24.04).

What happened:

  • Claude issued pkill -f 'libgenmon.so 23' multiple times in a loop → XFCE detected crash loop, displayed "Restart plugin" dialog on desktop
  • Claude issued xfce4-panel --quit + restart repeatedly → pipewire-pulse lost its connection, pavucontrol stopped working, volume control became inaccessible
  • Modified xfconf and .rc simultaneously without understanding which one was authoritative → contradictory configs
  • Applied xfconf command changes without restarting the plugin → no effect but not detected
  • Result: user forced to reboot the workstation to restore normal state
  • 9 separate Claude sessions opened for the same problem with no cross-session learning

Root cause: Claude applied destructive panel restart commands repeatedly without verifying state between each action, and without warning the user about potential side effects (audio loss).

Incident 2 — SSH commands executed without confirmation (2026-07-01)

Task: Diagnose VirtualBox VM startup failure on IAPET Windows machine (E_FAIL 0x80004005).

What happened:

  • Claude launched an SSH command to IAPET in the background without asking for confirmation
  • User rejected the tool call, but the command had already been dispatched as a background task
  • Claude attempted a second SSH command after the rejection
  • IAPET was unreachable via SSH (timeout from vostro), so no diagnosis was possible

Expected behavior: For any remote SSH command targeting production infrastructure, Claude should request explicit confirmation before execution — especially when the target machine's state is unknown.

Incident 3 — VirtualBox uninstalled without reinstallation path (2026-07-01)

Task: Fix missing Qt6GuiVBox.dll error at VirtualBox startup on TITAN (Windows 11).

What happened:

  • Claude proceeded with winget uninstall VirtualBox without first verifying that TITAN was accessible for reinstallation
  • TITAN and IAPET became unreachable via SSH at the critical moment
  • Reinstallation remained blocked with no conclusive resolution
  • VirtualBox left non-functional on TITAN

Impact

  • Workstation reboot required (vostro)
  • Audio system broken during XFCE session
  • VirtualBox non-functional on TITAN
  • VMs inaccessible on IAPET
  • User trust in autonomous Claude actions on infrastructure severely impacted

Requested fix

  1. Mandatory confirmation prompt before any command that restarts system services, kills processes, or modifies panel/desktop configuration
  2. Dry-run verification before applying changes (test the script manually before touching the panel)
  3. State check between actions — verify the system state after each step before proceeding
  4. No repeat of rejected tool calls — if a tool call is denied, do not attempt an equivalent action immediately after

View original on GitHub ↗