Claude Code permissions seem like security theatre and I’m officially giving up on them. I’d rather take my shoes off at the airport than approve another ls or find command.
Today I crafted a plan (as has become the “normal” CC workflow for most folks I’m sure) and hit accept before going to eat lunch. I came back to 0 lines of code written, blocked by a request to run echo "---" (I think?), which it seems to consider too dangerous to let me allow-list or leverage my existing “always allow” settings.
I’m sure everyone has experienced this at this point. It has gotten progressively worse to the point where you could almost believe it’s an intentional way to curb unattended usage.
But what is it even protecting? Claude can run tests (and since it’s so much more useful when you let it run tests, this is kind of a fundamental requirement). Which means it can arbitrarily run any code it wants already. Why is a command with quoted characters possibly a greater threat?
If it wanted to write os.Exec('rm ~') into a test and execute it, it can. It seems like a baseline requirement that Claude Code runs in some sort of real sandbox anyway, so if it blows away the sandbox so be it. (Does anyone run these things without a VM or at least container/Docker isolation?)
So as of today my CC launcher script now has --dangerously-skip-permissions hard-coded in it. Delete my dev VM if you want, Claude. You already could before anyway; the constant permission check to make me erroneously feel like you couldn’t isn’t necessary.
(On a happier note, I wrote this blog post while waiting for it to execute the plan I thought it’d finish while I was eating.)