Claude Code: `--dangerously-skip-permissions` Bug & Hook Issues

Hey guys! Today, we're diving deep into a tricky bug in Claude Code that involves the --dangerously-skip-permissions flag. If you've been scratching your head over why your hooks aren't working as expected when using this flag, you're in the right place. Let's break down the issue, understand why it's happening, and explore the expected behavior. So, buckle up, and let's get started!

The Problem: --dangerously-skip-permissions Skips Trust Check

When starting Claude Code in a fresh folder, you're usually greeted with a security prompt. This prompt asks whether you trust the files in the directory. It's a crucial step to ensure you're not running code from untrusted sources. However, using the --dangerously-skip-permissions flag bypasses this prompt, which can lead to unexpected behavior, specifically with hooks.

The core issue is that while the flag skips the trust check, it doesn't automatically mark the folder as trusted. This is where things get messy. When Claude Code doesn't recognize a folder as trusted, it disables certain features, such as hooks and plugin installations. This can be a real headache if you're relying on these features for your workflow. So, the main keyword here is --dangerously-skip-permissions, and understanding its implications is crucial for anyone working with Claude Code.

When you typically initiate Claude in a new folder, the system presents a warning message that goes something like this:

> claude

Do you trust the files in this folder?

/Users/PERSON/data/newFolder

Claude Code may read, write, or execute files contained in this directory. This can pose security risks, so
only use files from trusted sources.

Learn more ( https://docs.claude.com/s/claude-code-security )

❯ 1. Yes, proceed
  2. No, exit

Enter to confirm · Esc to exit

This is a standard security measure to ensure that you are aware of the potential risks involved in running code from an unknown source. However, if you navigate to a new folder and execute claude --dangerously-skip-permissions, the folder trust check is bypassed, but the folder isn't marked as trusted.

This discrepancy is the root of the problem. The intended behavior should either be that Claude Code still prompts you for trust even in --dangerously-skip-permissions mode, or the folder should be automatically marked as trusted when running in this mode. This would ensure that all hooks and plugins function correctly in the new folder, even if you've only ever launched Claude with the --dangerously-skip-permissions flag.

Expected Behavior: Trust or Prompt

So, what should happen when using --dangerously-skip-permissions? There are two logical expectations:

1. Prompt for Trust: Even with the flag, Claude Code should still ask whether you trust the folder. This ensures that users are always aware of the security implications.
2. Automatic Trust: The folder should be automatically marked as trusted when running with --dangerously-skip-permissions. This would streamline the process for users who understand the risks and want to bypass the prompt.

Either of these behaviors would be preferable to the current situation, where the trust check is skipped, but the folder isn't marked as trusted. This inconsistency leads to hooks and plugins failing to run, which can be frustrating and confusing for users. We need to make sure that Claude Code's permissions are handled consistently to avoid these issues.

Debug Logs: The Evidence

Let's look at some debug logs to see the issue in action. The logs clearly show that hooks are being skipped because the workspace is not trusted:

84:[DEBUG] Skipping SessionStart:startup hook execution - workspace trust not accepted
124:[DEBUG] Trust not accepted for current directory - skipping plugin installations
162:[DEBUG] Skipping SubagentStop hook execution - workspace trust not accepted
167:[DEBUG] Skipping UserPromptSubmit hook execution - workspace trust not accepted
1057:[DEBUG] Skipping Stop hook execution - workspace trust not accepted

These logs are a clear indicator that the trust check is impacting the execution of hooks. Each line shows a different hook being skipped due to the lack of workspace trust. This is a critical piece of the puzzle, as it highlights the direct consequence of the --dangerously-skip-permissions flag not properly handling folder trust. By examining these logs, we can see that the debug logs provide valuable insights into the inner workings of Claude Code and help pinpoint the exact cause of the problem.

Steps to Reproduce: See It in Action

Want to see this bug for yourself? Here’s a step-by-step guide to reproduce the issue:

1. Create a Hook: Start by creating a hook to run on STOP. For example, you can create a simple hook that echoes “hello”:

   {
     "hooks": {
       "Stop": [
         {
           "hooks": [
             {
               "type": "command",
               "command": "echo 'hello'"
             }
           ]
         }
       ]
     }
   }
   

   This JSON configuration defines a hook that will execute the echo 'hello' command whenever the STOP event is triggered in Claude Code. This is a simple yet effective way to test whether hooks are running correctly.

2. New Folder: Create a new folder where Claude Code has never been launched. This ensures that the folder doesn't have any existing trust settings.

3. Launch with Flag: Launch Claude Code with the --dangerously-skip-permissions --debug flags. The --debug flag is essential for viewing the logs and confirming that the hook is being skipped. You should notice that the folder trust prompt is never shown.

4. Test Prompt: Give Claude Code a test prompt and let it respond and stop. This will trigger the STOP event, which should activate the hook we created earlier.

5. Check Logs: Finally, check the debug logs for skipped hook checks. You should see messages similar to those mentioned earlier, indicating that the hook was skipped due to the lack of workspace trust.

By following these steps, you can reproduce the bug and verify that the --dangerously-skip-permissions flag is indeed causing issues with hook execution. This hands-on approach is invaluable for understanding the nuances of the bug and its impact on Claude Code's functionality. Remember, reproducing the bug is the first step towards finding a solution.

Impact: Broken Hooks and Plugins

The most significant impact of this bug is that it breaks hooks and plugins. If you rely on these features for automating tasks or extending Claude Code's functionality, this bug can be a major roadblock. Hooks are essential for customizing the behavior of Claude Code, and when they don't work, it can disrupt your workflow. Similarly, plugins add extra capabilities to Claude Code, and their failure can limit the tool's usefulness. Therefore, understanding and resolving this issue is crucial for maintaining a smooth and efficient development environment. When hooks and plugins fail, it compromises the extensibility of Claude Code.

Is This a Regression?

It's unclear whether this is a regression, as there's no information on whether this behavior existed in previous versions. A regression is a bug that was introduced in a newer version of the software after working correctly in an older version. Determining whether this is a regression would involve testing previous versions of Claude Code to see if the issue persists. This information can help developers narrow down the source of the bug and identify the changes that might have introduced it.

System Information

Here's some additional information about the environment where this bug was observed:

• Claude Model: Sonnet (default)
• Claude Code Version: 2.0.27
• Platform: Other
• Operating System: macOS
• Terminal/Shell: Warp

This information can be helpful for developers in reproducing the bug and identifying any platform-specific issues. The system information provides context for the bug report and aids in the debugging process.

Conclusion: A Call to Action

In summary, the --dangerously-skip-permissions flag in Claude Code has a bug that prevents hooks from running correctly. This is because the flag skips the trust check but doesn't mark the folder as trusted. The expected behavior should either be to prompt for trust or automatically trust the folder when using this flag. This bug can be reproduced by creating a hook, launching Claude Code in a new folder with the flag, and checking the debug logs. The impact is that hooks and plugins are broken, which can disrupt workflows. We hope this detailed breakdown helps the Claude Code team address this issue promptly. Guys, let's keep an eye out for updates and fixes! This is definitely something that needs addressing to ensure a smooth and secure coding experience with Claude Code. Make sure you understand Claude Code's permissions and how they affect your workflow. Let's hope for a fix soon!