Accidentally created my first fork bomb with Claude Code
TL;DR Highlight
A real incident where Claude Code's SessionStart hook recursively spawned infinite Claude instances, creating a fork bomb that crashed a computer overnight and nearly resulted in a shocking API bill.
Who Should Read
Developers actively using AI coding agents like Claude Code or Cursor — especially anyone who has configured hooks or automation scripts — should read this.
Core Mechanics
- A developer created a SessionStart hook in Claude Code (a script that runs automatically when a session starts), configured to spawn 2 background CC (Claude Code) instances via the `claude -p ...` command. The problem was that each time a new instance started, the hook fired again, causing processes to explode exponentially: 1→2→4→8→...→2^N, creating a classic fork bomb.
- A fork bomb is a classic attack/mistake pattern where a process continuously clones itself until all system resources are exhausted. In this case, the developer left their desk at 2 AM without noticing, and the computer spent the entire night spinning up hundreds of Claude Code instances on its own before becoming completely unresponsive.
- When the developer came back at 11 AM the next morning, the mouse, keyboard, and trackpad were all unresponsive, and the machine was burning hot. Opening Activity Monitor revealed hundreds of CC instances running, with memory pressure maxed out in the red.
- After a forced restart, the first thing checked was the API bill — fortunately, only about $600 had been added. The damage was less than expected because Claude Code itself consumes enormous memory per instance through its Bun → React → TUI chain, causing memory to run out early and crashing the computer before the API charges could grow further. In other words, the software being heavyweight actually stopped the billing from spiraling further.
- The fix was simple: open `~/.claude/settings.json` and remove the offending SessionStart hook. Afterward, the developer verified no remaining instances were running in Activity Monitor, kept one hand on the power button, and cautiously ran `claude` again.
- This developer had been a heavy user of AI coding tools since early 2025, having used Cursor for over 310 million tokens. Initially skeptical about adopting agentic workflows, they decided that if it was inevitable, they might as well master it — signed up for Claude Code, dove deep, and that's when this incident occurred.
Evidence
- "Other developers shared similar experiences. One recounted unintentionally creating a fork bomb with Python multiprocessing code on Windows by failing to wrap the entry point in an `if __name__ == '__main__'` block — with context that Windows lacks Unix's `fork()`, so child processes re-execute the module. Another comment described experiencing a fork bomb from running official Microsoft OLE/COM sample code from the 90s, leading to the lesson of never blindly trusting even official documentation — a parallel to this incident where AI-generated code was placed directly into a hook. A humorous comment noted that calling it a \"first fork bomb\" implies a growth mindset — suggesting there will be more — and the community generally treated the incident as a rite of passage rather than a disaster. Questions were raised about why Claude Code intended to spawn 2 more CC instances in the SessionStart hook and what the purpose was, as the original post didn't explain this sufficiently — speculation pointed to an experiment with parallel task processing or a specific skill like `/adhd`. Many commenters were curious about the `/adhd` skill mentioned in the post (presumed to be a custom Claude Code feature for developers with ADHD), with some noting it sounded genuinely useful."
How to Apply
- "When configuring hooks like SessionStart or PostToolUse in Claude Code, running the `claude` or `cc` command inside a hook will spawn a new instance that triggers the same hook again, potentially creating a fork bomb. Never spawn Claude Code itself from within a hook script, and always review for recursion risks before deploying. Hook configurations for Claude Code are managed in `~/.claude/settings.json`. After creating a new hook, open Activity Monitor (Mac) or Task Manager (Windows) and visually verify that processes are not multiplying explosively while testing. If you spot anything suspicious, immediately remove the offending hook entry from `settings.json`. If you're using the Anthropic Claude API on a company account, set up daily cost alerts on the Usage page. As this incident shows, a single automation script mistake can rack up hundreds or thousands of dollars in a short time — early alerts can minimize the damage. Similar risks exist when writing parallel processing code using Python `multiprocessing` or `subprocess`. On Windows, always wrap your entry point in an `if __name__ == '__main__':` block to prevent child processes from re-executing the parent code."
Code Example
snippet
# Dangerous example - spawning a claude instance from a SessionStart hook causes a fork bomb
# ~/.claude/settings.json
{
"hooks": {
"SessionStart": [
{
"hooks": [
{
"type": "command",
# This command starts a new CC instance, which also runs the same hook → infinite spawning
"command": "claude -p 'some background task' &"
}
]
}
]
}
}
# Safely removing the hook
# 1. Open settings.json from the terminal
nano ~/.claude/settings.json
# 2. Delete the SessionStart hook entry and save
# If a fork bomb has already occurred (Mac)
pkill -f claude # Kill all claude processes
# If that doesn't work, force restart with the power buttonTerminology
fork bombA pattern where a process continuously clones (forks) itself until all system resources are exhausted. One becomes two, two become four, four become eight — growing exponentially until the computer crashes.
SessionStart hookA script in Claude Code that can be configured to run automatically whenever a new session starts. Configured in `~/.claude/settings.json`, if written incorrectly it can execute infinitely every time a session opens.
CC (Claude Code)An AI coding agent CLI tool built by Anthropic. Run via the `claude` command in the terminal, it allows collaborative AI-assisted code writing, editing, and execution.
agentic workflowA mode of operation where AI autonomously makes decisions and uses multiple tools in sequence to complete tasks without step-by-step human instruction — going beyond simple Q&A to independently execute code, modify files, and more.
Activity MonitorThe macOS task manager. Displays a real-time list of running processes along with CPU and memory usage. In this incident, it was the tool used to discover hundreds of running `claude` processes.
BunA high-performance JavaScript runtime designed as a Node.js replacement. Claude Code uses it internally via a Bun → React → TUI chain, which causes each instance to consume a significant amount of memory.
Related Papers
Show HN: adamsreview – better multi-agent PR reviews for Claude Code
Claude Code에서 최대 7개의 병렬 서브 에이전트가 각각 다른 관점으로 PR을 리뷰하고, 자동 수정까지 해주는 오픈소스 플러그인이다. 기존 /review나 CodeRabbit보다 실제 버그를 더 많이 잡는다고 주장하지만 커뮤니티에서는 복잡도와 실효성에 대한 회의론도 나왔다.
How Fast Does Claude, Acting as a User Space IP Stack, Respond to Pings?
Claude Code에게 IP 패킷을 직접 파싱하고 ICMP echo reply를 구성하도록 시켜서 실제로 ping에 응답하게 만든 실험으로, 'Markdown이 곧 코드이고 LLM이 프로세서'라는 아이디어를 네트워크 스택 수준까지 밀어붙인 재미있는 사례다.
Show HN: Git for AI Agents
AI 코딩 에이전트(Claude Code 등)가 수행한 모든 툴 호출을 자동으로 추적하고, 어떤 프롬프트가 어느 코드 줄을 작성했는지 blame까지 가능한 버전 관리 도구다.
Principles for agent-native CLIs
AI 에이전트가 CLI 도구를 더 잘 사용할 수 있도록 설계하는 원칙들을 정리한 글로, 에이전트가 CLI를 도구로 활용하는 빈도가 높아지면서 이 설계 방식이 실용적으로 중요해지고 있다.
Agent-harness-kit scaffolding for multi-agent workflows (MCP, provider-agnostic)
여러 AI 에이전트가 서로 역할을 나눠 협업할 수 있도록 조율하는 scaffolding 도구로, Vite처럼 설정 없이 빠르게 멀티 에이전트 파이프라인을 구성할 수 있다.
Show HN: Tilde.run – Agent sandbox with a transactional, versioned filesystem
AI 에이전트가 실제 프로덕션 데이터를 건드려도 롤백할 수 있는 격리된 샌드박스 환경을 제공하는 도구로, GitHub/S3/Google Drive를 하나의 버전 관리 파일시스템으로 묶어준다.