Accidentally created my first fork bomb with Claude Code
TL;DR Highlight
A real incident where Claude Code's SessionStart hook recursively spawned infinite Claude instances, creating a fork bomb that crashed a computer overnight and nearly resulted in a shocking API bill.
Who Should Read
Developers actively using AI coding agents like Claude Code or Cursor — especially anyone who has configured hooks or automation scripts — should read this.
Core Mechanics
- A developer created a SessionStart hook in Claude Code (a script that runs automatically when a session starts), configured to spawn 2 background CC (Claude Code) instances via the `claude -p ...` command. The problem was that each time a new instance started, the hook fired again, causing processes to explode exponentially: 1→2→4→8→...→2^N, creating a classic fork bomb.
- A fork bomb is a classic attack/mistake pattern where a process continuously clones itself until all system resources are exhausted. In this case, the developer left their desk at 2 AM without noticing, and the computer spent the entire night spinning up hundreds of Claude Code instances on its own before becoming completely unresponsive.
- When the developer came back at 11 AM the next morning, the mouse, keyboard, and trackpad were all unresponsive, and the machine was burning hot. Opening Activity Monitor revealed hundreds of CC instances running, with memory pressure maxed out in the red.
- After a forced restart, the first thing checked was the API bill — fortunately, only about $600 had been added. The damage was less than expected because Claude Code itself consumes enormous memory per instance through its Bun → React → TUI chain, causing memory to run out early and crashing the computer before the API charges could grow further. In other words, the software being heavyweight actually stopped the billing from spiraling further.
- The fix was simple: open `~/.claude/settings.json` and remove the offending SessionStart hook. Afterward, the developer verified no remaining instances were running in Activity Monitor, kept one hand on the power button, and cautiously ran `claude` again.
- This developer had been a heavy user of AI coding tools since early 2025, having used Cursor for over 310 million tokens. Initially skeptical about adopting agentic workflows, they decided that if it was inevitable, they might as well master it — signed up for Claude Code, dove deep, and that's when this incident occurred.
Evidence
- "Other developers shared similar experiences. One recounted unintentionally creating a fork bomb with Python multiprocessing code on Windows by failing to wrap the entry point in an `if __name__ == '__main__'` block — with context that Windows lacks Unix's `fork()`, so child processes re-execute the module. Another comment described experiencing a fork bomb from running official Microsoft OLE/COM sample code from the 90s, leading to the lesson of never blindly trusting even official documentation — a parallel to this incident where AI-generated code was placed directly into a hook. A humorous comment noted that calling it a \"first fork bomb\" implies a growth mindset — suggesting there will be more — and the community generally treated the incident as a rite of passage rather than a disaster. Questions were raised about why Claude Code intended to spawn 2 more CC instances in the SessionStart hook and what the purpose was, as the original post didn't explain this sufficiently — speculation pointed to an experiment with parallel task processing or a specific skill like `/adhd`. Many commenters were curious about the `/adhd` skill mentioned in the post (presumed to be a custom Claude Code feature for developers with ADHD), with some noting it sounded genuinely useful."
How to Apply
- "When configuring hooks like SessionStart or PostToolUse in Claude Code, running the `claude` or `cc` command inside a hook will spawn a new instance that triggers the same hook again, potentially creating a fork bomb. Never spawn Claude Code itself from within a hook script, and always review for recursion risks before deploying. Hook configurations for Claude Code are managed in `~/.claude/settings.json`. After creating a new hook, open Activity Monitor (Mac) or Task Manager (Windows) and visually verify that processes are not multiplying explosively while testing. If you spot anything suspicious, immediately remove the offending hook entry from `settings.json`. If you're using the Anthropic Claude API on a company account, set up daily cost alerts on the Usage page. As this incident shows, a single automation script mistake can rack up hundreds or thousands of dollars in a short time — early alerts can minimize the damage. Similar risks exist when writing parallel processing code using Python `multiprocessing` or `subprocess`. On Windows, always wrap your entry point in an `if __name__ == '__main__':` block to prevent child processes from re-executing the parent code."
Code Example
snippet
# Dangerous example - spawning a claude instance from a SessionStart hook causes a fork bomb
# ~/.claude/settings.json
{
"hooks": {
"SessionStart": [
{
"hooks": [
{
"type": "command",
# This command starts a new CC instance, which also runs the same hook → infinite spawning
"command": "claude -p 'some background task' &"
}
]
}
]
}
}
# Safely removing the hook
# 1. Open settings.json from the terminal
nano ~/.claude/settings.json
# 2. Delete the SessionStart hook entry and save
# If a fork bomb has already occurred (Mac)
pkill -f claude # Kill all claude processes
# If that doesn't work, force restart with the power buttonTerminology
fork bombA pattern where a process continuously clones (forks) itself until all system resources are exhausted. One becomes two, two become four, four become eight — growing exponentially until the computer crashes.
SessionStart hookA script in Claude Code that can be configured to run automatically whenever a new session starts. Configured in `~/.claude/settings.json`, if written incorrectly it can execute infinitely every time a session opens.
CC (Claude Code)An AI coding agent CLI tool built by Anthropic. Run via the `claude` command in the terminal, it allows collaborative AI-assisted code writing, editing, and execution.
agentic workflowA mode of operation where AI autonomously makes decisions and uses multiple tools in sequence to complete tasks without step-by-step human instruction — going beyond simple Q&A to independently execute code, modify files, and more.
Activity MonitorThe macOS task manager. Displays a real-time list of running processes along with CPU and memory usage. In this incident, it was the tool used to discover hundreds of running `claude` processes.
BunA high-performance JavaScript runtime designed as a Node.js replacement. Claude Code uses it internally via a Bun → React → TUI chain, which causes each instance to consume a significant amount of memory.
Related Papers
Show HN: Forge – Guardrails take an 8B model from 53% to 99% on agentic tasks
작은 로컬 LLM(8B)에 guardrails(구조적 안전망)를 씌워 멀티스텝 에이전트 작업 성공률을 53%에서 99%까지 올린 Python 프레임워크 Forge 공개. 모델 자체는 건드리지 않고 실행 환경을 강화하는 접근법이라 주목받고 있음.
Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
2026년 5월 19일, npm 계정 하나가 탈취되어 22분 만에 637개 악성 버전이 배포됐고, echarts-for-react·size-sensor 등 월 수백만 다운로드 패키지들이 감염되어 AWS 자격증명·SSH 키·AI 코딩 에이전트까지 탈취하는 정교한 공급망 공격이 발생했다.
Show HN: Semble – Code search for agents that uses 98% fewer tokens than grep
AI 에이전트가 코드베이스를 탐색할 때 grep+파일 읽기 대신 자연어로 관련 코드 스니펫만 뽑아주는 검색 라이브러리로, 토큰 사용량을 약 98% 줄여준다.
Zerostack – A Unix-inspired coding agent written in pure Rust
Claude Code나 OpenCode처럼 메모리를 수 GB씩 잡아먹는 코딩 에이전트 대신, Rust로 만든 초경량(~8MB RAM) 코딩 에이전트 Zerostack이 공개됐다. 저사양 환경에서도 쓸 수 있고, 직접 만든 유사 프로젝트들과 비교 토론이 활발하게 이뤄지고 있다.
Δ-Mem: Efficient Online Memory for Large Language Models
LLM의 컨텍스트 윈도우를 늘리지 않고도 과거 정보를 효율적으로 기억할 수 있는 경량 메모리 모듈 δ-mem을 제안한 논문. 모델 자체를 바꾸거나 파인튜닝 없이 기존 LLM에 붙여서 장기 기억 성능을 높일 수 있어 에이전트 시스템 개발자에게 관심을 끌고 있다.
How Claude Code works in large codebases
Anthropic이 수백만 줄짜리 모노레포, 레거시 시스템, 수십 개 마이크로서비스 환경에서 Claude Code를 운영한 패턴을 정리한 글이다. RAG 방식 대신 에이전틱 검색을 쓰는 이유와 실제 현장의 한계를 함께 확인할 수 있다.