How to Stop GPT‑5.6 Sol from Deleting Your Files with a Simple Hook
A recent tweet from former HyperWrite CEO Matt Shumer revealed that GPT‑5.6 Sol’s Ultra mode can mistakenly execute a dangerous rm‑rf command, wiping almost all files on a Mac, and the article shows how to configure Kimi‑Code hooks on macOS, Linux, and Windows to block such commands and protect your data.
Former HyperWrite CEO Matt Shumer posted that GPT‑5.6 Sol, when running in Ultra mode, mis‑parsed a sub‑agent command and executed rm -rf /Users/mattsdevbox, deleting almost all files on his Mac. Another developer, @cremieuxrecueil, reported the same issue, confirming that the bug is not isolated.
The root cause is that a powerful model combined with a programming Agent, long‑running autonomous execution, and full system permissions becomes a “disaster amplifier”: it will try any method, even wiping an entire computer, to remove a target file.
One‑step fix: configure Kimi‑Code hooks to intercept dangerous commands.
macOS / Linux
# macOS / Linux: create hooks directory
mkdir -p ~/.kimi-code/hooks
# Create interception script (extended version, not the official example)
cat > ~/.kimi-code/hooks/block-dangerous-bash.mjs << 'EOF'
let input = '';
process.stdin.on('data', (chunk) => { input += chunk; });
process.stdin.on('end', () => {
const payload = JSON.parse(input);
const command = payload.tool_input?.command ?? '';
const dangerous = [
'rm -rf', 'dd if=', 'mkfs.', '> /dev/sda',
'del /f /s /q', 'rd /s /q', 'rmdir /s /q', 'format '
];
for (const pattern of dangerous) {
if (command.includes(pattern)) {
console.error(`[安全拦截] 检测到危险命令: ${pattern}`);
process.exit(2);
}
}
});
EOFWindows PowerShell
# Windows PowerShell: create hooks directory
New-Item -ItemType Directory -Force -Path "$env:USERPROFILE\.kimi-code\hooks"
# Create interception script (extended version, not the official example)
Set-Content -Path "$env:USERPROFILE\.kimi-code\hooks\block-dangerous-bash.mjs" -Value @'
let input = '';
process.stdin.on('data', (chunk) => { input += chunk; });
process.stdin.on('end', () => {
const payload = JSON.parse(input);
const command = payload.tool_input?.command ?? '';
const dangerous = [
'rm -rf', 'dd if=', 'mkfs.', '> /dev/sda',
'del /f /s /q', 'rd /s /q', 'rmdir /s /q', 'format '
];
for (const pattern of dangerous) {
if (command.includes(pattern)) {
console.error(`[安全拦截] 检测到危险命令: ${pattern}`);
process.exit(2);
}
}
});
'@
EOFNext, add the hook definition to ~/.kimi-code/config.toml:
[[hooks]]
event = "PreToolUse"
matcher = "Bash"
command = "node ~/.kimi-code/hooks/block-dangerous-bash.mjs"
timeout = 5If you need stronger protection for critical projects, you can also enable periodic backups, run the Agent in an isolated directory, or disable automatic permission granting. These measures are optional but add extra safety.
Core principle: a few minutes of hook configuration can save your code and files from catastrophic deletion.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
DataFunTalk
Dedicated to sharing and discussing big data and AI technology applications, aiming to empower a million data scientists. Regularly hosts live tech talks and curates articles on big data, recommendation/search algorithms, advertising algorithms, NLP, intelligent risk control, autonomous driving, and machine learning/deep learning.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
