Claude Cage: Docker Sandbox for Claude Code Security

What Claude Cage Does

A developer on r/ClaudeAI built a Docker container called Claude Cage to address security concerns when using Claude Code. The tool locks Claude into a single workspace folder, preventing it from accessing sensitive files outside that directory.

Security Problem Identified

The developer realized that every shell command Claude Code runs has the same permissions as the user account. This means Claude can read:

• ~/.ssh directory
• ~/.aws credentials
• Browser profiles
• Personal files
• .env files from other projects

How Claude Cage Works

The Docker container restricts Claude to seeing only your code and nothing else. It ships with:

• A claude md that loads every session with security rules including:
  • No writing secrets to files
  • No force-pushing
  • No running destructive commands without confirmation
• A settings.json that blocks dangerous bash patterns

Setup and Development

Setup takes about 2 minutes if you have Docker installed. The developer used Claude Code to help build and polish the tool, and is open to suggestions for additional security rules.

The GitHub repository is available at: https://github.com/jcdentonintheflesh/claude-cage