Safety Hub

Cowork is powerful because it works with your real files and tools. That power requires care. This guide helps you use Cowork safely and confidently.

Status: Claude Cowork is in research preview. Safety features are still developing. Report issues at Anthropic Support.

Important: ClaudeCowork provides guidance based on Cowork's design and our testing. This is not official Anthropic documentation. Always follow the official Claude Desktop documentation and prioritize your own security practices.

Permission scoping checklist

Before you give Cowork access to any folder or connector:

Review steps before destructive actions

Destructive actions are deletions, moves, overwrites, and renames. Build in these safeguards:

1. List what will be affected

Before deleting or moving files, ask Cowork to list all files it will touch with file sizes and last modified dates. You review the list.

2. Summarize the action

Cowork should summarize in plain language what it's about to do: "I will move 47 .jpg files older than 2025-01-01 from ~/Downloads to ~/Downloads/Archive."

3. Wait for explicit approval

Cowork waits for you to type "Go ahead" or "Proceed." This adds a human-in-the-loop check.

4. Report what happened

After the action, Cowork reports back: "Moved 47 files. Here's the log:" and shows what was moved, to where, and why.
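The four safeguards above, as an added example that is not Cowork's or Anthropic's code: a standalone Python script that applies the same list, summarize, approve, report sequence to the "move old .jpg files" case. The function names, the log tuple format and the temporary sample folder are assumptions made for illustration.

```python
import os, shutil, tempfile
from datetime import datetime
from pathlib import Path

APPROVALS = {"go ahead", "proceed"}  # the two phrases named in step 3

def plan_moves(src, dest, pattern, cutoff):
    """Step 1: list every file that would be touched, with size and mtime."""
    plan = []
    for p in sorted(Path(src).glob(pattern)):
        if not p.is_file():
            continue
        st = p.stat()
        if st.st_mtime < cutoff.timestamp():
            plan.append({"src": p, "dst": Path(dest) / p.name, "size": st.st_size,
                         "mtime": datetime.fromtimestamp(st.st_mtime)})
    return plan

def summarize(plan, src, dest, pattern, cutoff):
    """Step 2: one plain-language sentence describing the action."""
    return (f"I will move {len(plan)} {pattern} files older than "
            f"{cutoff:%Y-%m-%d} from {src} to {dest}.")

def execute(plan, approval):
    """Steps 3 and 4: act only on explicit approval, then return a log."""
    if approval.strip().rstrip(".").lower() not in APPROVALS:
        return []  # anything else, including empty input, means no action
    log = []
    for item in plan:
        # Never overwrite; also skip if the source vanished since the listing.
        if item["dst"].exists() or not item["src"].exists():
            log.append(("skipped", item["src"], item["dst"]))
            continue
        item["dst"].parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(item["src"]), str(item["dst"]))
        log.append(("moved", item["src"], item["dst"]))
    return log

if __name__ == "__main__":
    src = Path(tempfile.mkdtemp())  # constructed sample folder, not real data
    for name, when in [("old.jpg", datetime(2024, 6, 1)), ("new.jpg", datetime(2025, 6, 1))]:
        (src / name).write_bytes(b"sample")
        os.utime(src / name, (when.timestamp(), when.timestamp()))
    dest, cutoff = src / "Archive", datetime(2025, 1, 1)
    plan = plan_moves(src, dest, "*.jpg", cutoff)
    for item in plan:
        print(f'{item["size"]:>8} B  {item["mtime"]:%Y-%m-%d}  {item["src"]}')
    print(summarize(plan, src, dest, "*.jpg", cutoff))
    for entry in execute(plan, input('Type "Go ahead" or "Proceed": ')):
        print(*entry)
```

The plan is built once and the same list is what gets shown, approved and executed, so nothing is touched that was not in the reviewed listing.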

Red flag prompts: What NOT to ask Cowork

These requests are too risky or outside Cowork's design:

❌ "Delete everything in this folder older than 6 months, no questions asked."

This skips the verification step. Always require Cowork to list and ask for approval first.

❌ "Send emails to my entire contact list."

Mass sending without human review is risky. Always require Cowork to draft and get your approval.

❌ "Modify shared files that other team members are using."

This can cause conflicts. Only modify files you own or have explicit permission to change.

❌ "Overwrite a spreadsheet without backing it up first."

Always create a backup copy before Cowork modifies important files.

❌ "Post to social media, publish to the web, or file legal documents without my approval."

These are irreversible. Always draft, review, and approve before publishing.

❌ "Authenticate as me or act on behalf of me without asking."

Cowork should always declare it's an AI assistant and get your explicit approval for actions.

Verification before sending or filing

If Cowork is creating an email, posting, or filing something, verify it first:

Monitoring and auditing

Review Cowork's activity logs

Cowork should maintain logs of what it accessed and modified. Review these regularly, especially for automated tasks.

Look for: unexpected file access, large batch operations, failed actions, or permission errors.

Audit connected apps quarterly

Every 3 months, go to the settings of each connected service (Gmail, Google Drive, Slack) and check which apps have access.

Disconnect any that you no longer use. Keep the list clean.

Use version history for critical files

For files that Cowork modifies, turn on version history or enable auto-backups.

If something goes wrong, you can roll back to a previous version.

Monitor for unusual patterns

Watch for anomalies: Cowork accessing folders it shouldn't, sending emails outside its scope, or modifying files unexpectedly.

These could indicate a misconfiguration or, rarely, a security issue. Stop, investigate, and revoke access if unsure.

Frequently asked safety questions

Can Cowork access my entire computer?

No. You explicitly grant folder access. If you only give Cowork access to ~/Cowork/Projects, that's all it can see. Home directory, system folders, and other areas are blocked.

What if Cowork makes a mistake?

If it deletes or modifies files incorrectly, you can recover from version history or backups. That's why we recommend testing on copies first and enabling version control for important files.

Can Cowork be compromised or hacked?

Cowork runs in Claude Desktop, which is a local application. It doesn't expose API keys or passwords in plaintext. Always use strong passwords for your accounts, enable 2FA, and don't paste credentials in prompts.

Is my data private when I use Cowork?

Cowork works locally with files on your machine. Anything you share in a prompt goes to Anthropic's servers for Claude to process. Be careful what sensitive data you include. See Anthropic's privacy policy for details.

Can I audit what Cowork accesses?

Yes. Cowork logs its actions. You can review what folders it accessed, what files it read/modified, and when. Check Cowork's settings for activity logs.