RSS

Dangerously-skip-permissions is the only safe mode

p44v9n1 pts0 comments

--dangerously-skip-permissions is the only safe mode | Granola--dangerously-skip-permissions is the only safe mode<br>Jim Fisher

May 11

Claude Code has a flag called --dangerously-skip-permissions.<br>Despite the name, I'm more nervous about engineers who don't use it.<br>If you run the default "permissions" mode, your Claude setup is probably unsafe.

--dangerously-skip-permissions lets the agent do anything it wants on your machine.<br>Sounds dangerous.<br>Claude could do real damage with the DATABASE_URL in your env files.

By default, Claude asks permission before it acts:<br>run a script, delete a file, make a network request.<br>Sounds sensible.<br>The human stays in the loop.

Now watch what happens after a few minutes.

Claude asks to write a script.<br>Writing files is safe.<br>Approve.<br>Claude asks to run the script.<br>The script looks safe.<br>Approve.<br>The script has a bug.<br>Claude edits it and asks to re-run.<br>Read the diff, approve.

After a handful of these, it starts to feel like real work, and the last ten were fine.<br>Probably fine. Approve.

I'm now effectively in --dangerously-skip-permissions mode,<br>except I have to sit at the keyboard to skip the permissions.<br>This is approval fatigue,<br>and it's why the default mode is worse than --dangerously-skip-permissions.

If approval doesn't work, what does?<br>Auth.

This is how we handle the same problem for humans at work.<br>Bob gets an access token.<br>He makes requests like "give me this file",<br>and the service authorizes him against a policy like "Bob owns this file".

Bob's permissions balance two things:<br>he needs access to be productive,<br>but he can also make mistakes, turn disgruntled, or lose his laptop.

Bob writes and runs any scripts he likes on his machine.<br>No human reads or approves them.<br>The auth policy is enforced by the services his scripts talk to.<br>Auth policies don't get tired.

Agents have the same shape.<br>They can be helpful. They can also turn stupid or malicious or both.<br>And we can't post a human behind every action.

So the equivalent of auth for Claude Code is auth.<br>Give him credentials. Let him run whatever scripts he wants with them.

Suppose you have two colleagues.<br>Bob runs Claude in regular permissions mode.<br>Alice runs Claude with --dangerously-skip-permissions.<br>Who is more likely to cause a production incident?

Bob makes me more nervous.<br>His discomfort with --dangerously-skip-permissions<br>means he knows his machine holds credentials he doesn't trust Claude with.<br>He's trying to verify every action, and eventually he will slip.

That's why --dangerously-skip-permissions is the safer mode.<br>It forces you to give your agent a working permissions system:<br>auth, not approval.

Jim Fisher, Founding Engineer

Share

permissions skip claude dangerously mode auth

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

The Mirror Is Part of the Machine

london_safari10 ptstelemetry mirror decision logs enough time

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.