Feature Request: Color-code tool calls by danger level for better security visibility
Problem Statement
Currently, all tool calls in Claude Code appear with the same visual styling, making it difficult to quickly distinguish between safe operations (reading files) and dangerous operations (deleting files, dropping databases, modifying configurations). This can lead to:
- Security risks: Users may not notice destructive operations in time to cancel them
- Accidental data loss: Destructive commands blend in with safe commands
- Cognitive overhead: Users must carefully read each tool description to assess risk level
Proposed Solution
Implement color-coding for tool calls based on their danger level:
🔴 RED (High Risk/Destructive)
Operations that permanently delete or destroy data:
rm -rf,delete,drop,truncate- Database drops/truncates
- File/directory deletion
- Force operations (
--force,-f)
🟡 YELLOW (Medium Risk/Modification)
Operations that modify existing data:
edit,modify,update,set- File writes/edits
- Configuration changes
- Database updates
🟢 GREEN (Low Risk/Read-only)
Safe operations that only read data:
read,show,list,get,cat- File reads
- Directory listings
- Status checks
Use Case Example
Current behavior:
🔧 Bash: List files in directory
🔧 Bash: Remove old cache files
🔧 Bash: Read configuration file
All look the same! Hard to spot the destructive operation.
Proposed behavior:
🟢 Bash: List files in directory
🔴 Bash: Remove old cache files ← Stands out immediately!
🟢 Bash: Read configuration file
The destructive operation is immediately visible.
Implementation Suggestions
- Automatic classification: Analyze the command string for known dangerous patterns
- Match on keywords:
rm,delete,drop,truncate, etc. - Check for force flags:
-f,--force,--no-preserve-root - Detect recursive operations:
-r,-rf,--recursive
- Tool-specific rules: Different tools can have different risk profiles
Bash: Classify by command and flagsEdit/Write: Always yellow (modifications)Read/Grep: Always green (read-only)
- User override: Allow users to configure custom risk classifications in settings
- Terminal color support: Use ANSI color codes for terminal output
- Red:
\033[31mor\033[1;31m(bold) - Yellow:
\033[33mor\033[1;33m(bold) - Green:
\033[32mor\033[1;32m(bold)
Benefits
- Security: Users can instantly spot dangerous operations
- Confidence: Easier to approve/deny tool calls at a glance
- Error prevention: Reduces accidental approval of destructive operations
- Accessibility: Visual distinction helps all users, especially in fast-moving sessions
- Training: New users learn to recognize dangerous patterns
Related Security Concerns
This feature would have helped prevent a real issue I encountered where:
- A
catcommand was used to read a private SSH key - The output was logged in the conversation history
- The security risk wasn't immediately obvious
With color-coding, users would immediately notice:
🔴 Bash: cat /root/.ssh/id_rsa ← RED FLAG!
Additional Enhancement
Consider adding a confirmation prompt for RED-level operations:
⚠️ DESTRUCTIVE OPERATION DETECTED
Command: rm -rf /home/user/.claude/sessions/*
Risk Level: HIGH
This will permanently delete data.
Continue? [y/N]:
Configuration Example
Suggested settings in ~/.claude/settings.json:
{
"toolCallColors": {
"enabled": true,
"riskLevels": {
"high": {
"color": "red",
"patterns": ["rm -rf", "delete", "drop", "truncate"],
"requireConfirmation": true
},
"medium": {
"color": "yellow",
"patterns": ["edit", "modify", "update", "set"]
},
"low": {
"color": "green",
"patterns": ["read", "show", "list", "get", "cat"]
}
}
}
}
Priority
High - This is a security and UX improvement that would benefit all users, especially those working with production systems or sensitive data.
---
Environment:
- Claude Code Version: 2.1.38
- OS: Linux
- Use Case: Production network automation, infrastructure management
Thank you for considering this feature! It would significantly improve the security and usability of Claude Code.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗