Accidentally created my first fork bomb with Claude Code
TL;DR Highlight
A real incident where Claude Code's SessionStart hook recursively spawned infinite Claude instances, creating a fork bomb that crashed a computer overnight and nearly resulted in a shocking API bill.
Who Should Read
Developers actively using AI coding agents like Claude Code or Cursor — especially anyone who has configured hooks or automation scripts — should read this.
Core Mechanics
- A developer created a SessionStart hook in Claude Code (a script that runs automatically when a session starts), configured to spawn 2 background CC (Claude Code) instances via the `claude -p ...` command. The problem was that each time a new instance started, the hook fired again, causing processes to explode exponentially: 1→2→4→8→...→2^N, creating a classic fork bomb.
- A fork bomb is a classic attack/mistake pattern where a process continuously clones itself until all system resources are exhausted. In this case, the developer left their desk at 2 AM without noticing, and the computer spent the entire night spinning up hundreds of Claude Code instances on its own before becoming completely unresponsive.
- When the developer came back at 11 AM the next morning, the mouse, keyboard, and trackpad were all unresponsive, and the machine was burning hot. Opening Activity Monitor revealed hundreds of CC instances running, with memory pressure maxed out in the red.
- After a forced restart, the first thing checked was the API bill — fortunately, only about $600 had been added. The damage was less than expected because Claude Code itself consumes enormous memory per instance through its Bun → React → TUI chain, causing memory to run out early and crashing the computer before the API charges could grow further. In other words, the software being heavyweight actually stopped the billing from spiraling further.
- The fix was simple: open `~/.claude/settings.json` and remove the offending SessionStart hook. Afterward, the developer verified no remaining instances were running in Activity Monitor, kept one hand on the power button, and cautiously ran `claude` again.
- This developer had been a heavy user of AI coding tools since early 2025, having used Cursor for over 310 million tokens. Initially skeptical about adopting agentic workflows, they decided that if it was inevitable, they might as well master it — signed up for Claude Code, dove deep, and that's when this incident occurred.
Evidence
- "Other developers shared similar experiences. One recounted unintentionally creating a fork bomb with Python multiprocessing code on Windows by failing to wrap the entry point in an `if __name__ == '__main__'` block — with context that Windows lacks Unix's `fork()`, so child processes re-execute the module. Another comment described experiencing a fork bomb from running official Microsoft OLE/COM sample code from the 90s, leading to the lesson of never blindly trusting even official documentation — a parallel to this incident where AI-generated code was placed directly into a hook. A humorous comment noted that calling it a \"first fork bomb\" implies a growth mindset — suggesting there will be more — and the community generally treated the incident as a rite of passage rather than a disaster. Questions were raised about why Claude Code intended to spawn 2 more CC instances in the SessionStart hook and what the purpose was, as the original post didn't explain this sufficiently — speculation pointed to an experiment with parallel task processing or a specific skill like `/adhd`. Many commenters were curious about the `/adhd` skill mentioned in the post (presumed to be a custom Claude Code feature for developers with ADHD), with some noting it sounded genuinely useful."
How to Apply
- "When configuring hooks like SessionStart or PostToolUse in Claude Code, running the `claude` or `cc` command inside a hook will spawn a new instance that triggers the same hook again, potentially creating a fork bomb. Never spawn Claude Code itself from within a hook script, and always review for recursion risks before deploying. Hook configurations for Claude Code are managed in `~/.claude/settings.json`. After creating a new hook, open Activity Monitor (Mac) or Task Manager (Windows) and visually verify that processes are not multiplying explosively while testing. If you spot anything suspicious, immediately remove the offending hook entry from `settings.json`. If you're using the Anthropic Claude API on a company account, set up daily cost alerts on the Usage page. As this incident shows, a single automation script mistake can rack up hundreds or thousands of dollars in a short time — early alerts can minimize the damage. Similar risks exist when writing parallel processing code using Python `multiprocessing` or `subprocess`. On Windows, always wrap your entry point in an `if __name__ == '__main__':` block to prevent child processes from re-executing the parent code."
Code Example
# Dangerous example - spawning a claude instance from a SessionStart hook causes a fork bomb
# ~/.claude/settings.json
{
"hooks": {
"SessionStart": [
{
"hooks": [
{
"type": "command",
# This command starts a new CC instance, which also runs the same hook → infinite spawning
"command": "claude -p 'some background task' &"
}
]
}
]
}
}
# Safely removing the hook
# 1. Open settings.json from the terminal
nano ~/.claude/settings.json
# 2. Delete the SessionStart hook entry and save
# If a fork bomb has already occurred (Mac)
pkill -f claude # Kill all claude processes
# If that doesn't work, force restart with the power buttonTerminology
Related Papers
Show HN: ctx – Search the coding agent history already on your machine
Claude Code, Cursor, Codex 등 코딩 에이전트가 이전 세션의 논의·결정·실패 시도를 잊지 않도록 SQLite로 인덱싱해 재사용할 수 있게 해주는 오픈소스 CLI 도구다.
Micro-Agent: Beat Frontier Models with Collaboration Inside Model API
vLLM 팀이 단일 모델 API 호출 뒤에서 여러 모델이 협업하는 'Micro-Agent' 개념을 공개했습니다. 별도의 에이전트 코드 없이 라우터 레이어에서 모델 조합을 실행해 GPT-4급 결과를 더 저렴하게 낼 수 있다는 아이디어입니다.
Ornith-1.0: self-improving open-source models for agentic coding
Gemma 4와 Qwen 3.5를 기반으로 파인튜닝한 코딩 특화 오픈소스 모델로, RL(강화학습)을 통해 스캐폴드(에이전트 실행 구조)까지 함께 최적화하는 방식을 주장하지만, 커뮤니티에서는 벤치마크 과최적화에 불과하다는 의심을 받고 있다.
Entity Binding Failures in Tool-Augmented Agents
AI 에이전트가 올바른 도구를 선택해도 잘못된 대상에 실행하는 'Entity Binding 실패' 문제를 정의하고, 이를 막는 실행 정책을 평가한 논문.
Herdr: Agent multiplexer that lives in your terminal
여러 AI 코딩 에이전트(Claude, Codex 등)를 하나의 터미널에서 동시에 실행·관리할 수 있는 Rust 기반 오픈소스 툴로, tmux처럼 세션이 유지되고 SSH로 원격 접속도 가능해 멀티 에이전트 워크플로우를 크게 단순화해준다.
Ornith-1.0: Self-scaffolding LLMs for agentic coding
모델이 문제 풀이 전략(scaffold)을 직접 생성하고 개선하는 자기강화 학습 프레임워크를 적용한 오픈소스 코딩 특화 LLM으로, 9B 소형 모델부터 397B 대형 모델까지 라인업을 갖추고 SWE-Bench 등 주요 벤치마크에서 Claude Opus 4.7을 능가하는 성능을 보여줬다.