Pure-LLM lockdown mode with --tools ""
Tell claude it has zero built-in tools. The pipe data is the only context. Bulletproof for production cron jobs — claude literally cannot touch your filesystem.
Setup
- → claude /login OR export ANTHROPIC_API_KEY=sk-…
Cost per run
<$0.01
The one-liner
$ curl -s "https://hn.algolia.com/api/v1/search?tags=front_page&hitsPerPage=20" \
| jq -r '.hits[] | "- \(.title)"' \
| claude -p \
--tools "" \
--no-session-persistence \
"Extract the 3 titles most relevant to AI inference cost. Output as a markdown list. No other prose."What each stage does
- [01] curl
curl … hn.algolia.com/api/v1/search?tags=front_page …HN's current front page via Algolia. - [02] jq
jq -r '.hits[] | "- \(.title)"'Markdown bullet list of titles — tight prompt input. - [03] claude
--tools ""Empty string disables ALL built-in tools (Bash, Read, Edit, Grep, ...). Claude is reduced to pure LLM with stdin as its only context. Perfect for production: even if a malicious prompt tells claude to `rm -rf /`, claude has no tool to do it. - [04] claude
--no-session-persistenceDon't write the session to disk. Required for cron — no on-disk traces, no growing session files.
Expected output (sample)
- The hidden cost of LLM batching - Apple Silicon M5 Pro benchmarks - A vector DB in 200 lines of Rust
Caveats & tips
- `--tools ""` disables built-in tools only — MCP tools loaded via --mcp-config remain available. Combine with `--strict-mcp-config` for full lockdown.
- For scoped tool access: `--tools "Read,Grep,Glob"` (read-only) or `--allowedTools "Bash(git log:*)"` (per-pattern allowlist).