Yes, you can create an SSH user that has read-only access and let Claude Code use that… this protects from unauthorized changes, but it will still be able to read sensitive information.
Your imagination is correct! the content of personal messages, hashed passwords, IP addresses, API keys, etc… lots of things.
It’s easier to create a duplicate site without sensitive data with the same configuration and use that as a sandbox. There are tradeoffs because you’d have to maintain a separate site and keep the configuration synced, and sometimes you might only be able to reproduce an issue in production, but it’s the safest way.
You’re right to be cautious… our own security policy on the Discourse team restricts this for us too, we can’t let an LLM access production databases.